ID

VAR-201905-1321


CVE

CVE-2019-10918


TITLE

plural SIMATIC Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004568

DESCRIPTION

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC PCS 7 and SIMATIC WinCC are products of Siemens AG, Germany. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. The Siemens SIMATIC PCS 7 and SIMATIC WinCC input validation error vulnerability stems from a network system or product that does not properly validate the input data, and an authenticated attacker can exploit the vulnerability to execute arbitrary commands with SYSTEM privileges. Siemens SIMATIC products are prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An SQL injection vulnerability3. 3. An arbitrary command execution Exploiting these vulnerabilities could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, bypass security restrictions, or execute arbitrary code or cause a denial of service condition. The following Siemens SIMATIC products are affected: SIMATIC PCS 7 version 8.0 and prior SIMATIC PCS 7 version 8.1 SIMATIC PCS 7 version 8.2 SIMATIC PCS 7 version 9.0 SIMATIC WinCC (TIA Portal) version 13 SIMATIC WinCC (TIA Portal) version 14 SIMATIC WinCC (TIA Portal) version 15 SIMATIC WinCC Runtime Professional, all version SIMATIC WinCC version 7.2 and prior SIMATIC WinCC version 7.3 SIMATIC WinCC version 7.4 SIMATIC WinCC version 7.5, all version prior to version 7.5 Update 3

Trust: 2.79

sources: NVD: CVE-2019-10918 // JVNDB: JVNDB-2019-004568 // CNVD: CNVD-2019-14940 // BID: 108404 // IVD: 63a18fd7-d96a-4df7-a648-6f834337cfc7 // VULHUB: VHN-142512 // VULMON: CVE-2019-10918

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 63a18fd7-d96a-4df7-a648-6f834337cfc7 // CNVD: CNVD-2019-14940

AFFECTED PRODUCTS

vendor:siemensmodel:simatic wincc runtime professionalscope: - version: -

Trust: 1.4

vendor:siemensmodel:simatic winccscope:eqversion:7.5

Trust: 1.3

vendor:siemensmodel:simatic winccscope:eqversion:7.4

Trust: 1.3

vendor:siemensmodel:simatic winccscope:eqversion:7.3

Trust: 1.3

vendor:siemensmodel:simatic wincc \scope:eqversion:13.0

Trust: 1.0

vendor:siemensmodel:simatic winccscope:lteversion:7.2

Trust: 1.0

vendor:siemensmodel:simatic wincc \scope:eqversion:14.0

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.2

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:lteversion:8.0

Trust: 1.0

vendor:siemensmodel:simatic wincc \scope:eqversion:15.0

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.1

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:9.0

Trust: 1.0

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic winccscope:eqversion:v13

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:v14

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:v15

Trust: 0.9

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.1.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:7.3.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:7.5 upd3

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:13.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:14.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:ltversion:7.5

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope:lteversion:8.0 and earlier

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.2.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:7.4.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:15.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:lteversion:7.2 and earlier

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope:eqversion:9.0.x

Trust: 0.8

vendor:siemensmodel:simatic pcsscope:eqversion:7v8.2

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7v8.1

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7<=v8.0

Trust: 0.6

vendor:siemensmodel:simatic winccscope:lteversion:<=v7.2

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7v9.0

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:v7.3

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:v7.4

Trust: 0.6

vendor:siemensmodel:simatic wincc upd3scope:eqversion:v7.5.*<v7.5

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.2

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.0

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:6.2

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:79.0

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.2

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.1

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.0

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:77

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:neversion:7.53

Trust: 0.3

vendor:simatic pcs 7model: - scope:eqversion:*

Trust: 0.2

vendor:simatic pcs 7model: - scope:eqversion:8.1

Trust: 0.2

vendor:simatic pcs 7model: - scope:eqversion:8.2

Trust: 0.2

vendor:simatic pcs 7model: - scope:eqversion:9.0

Trust: 0.2

vendor:simatic winccmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic winccmodel: - scope:eqversion:7.3

Trust: 0.2

vendor:simatic winccmodel: - scope:eqversion:7.4

Trust: 0.2

vendor:simatic winccmodel: - scope:eqversion:7.5

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:13.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:14.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:15.0

Trust: 0.2

vendor:simatic wincc runtime professionalmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 63a18fd7-d96a-4df7-a648-6f834337cfc7 // CNVD: CNVD-2019-14940 // BID: 108404 // JVNDB: JVNDB-2019-004568 // NVD: CVE-2019-10918

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10918
value: HIGH

Trust: 1.0

NVD: CVE-2019-10918
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-14940
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201905-592
value: HIGH

Trust: 0.6

IVD: 63a18fd7-d96a-4df7-a648-6f834337cfc7
value: HIGH

Trust: 0.2

VULHUB: VHN-142512
value: HIGH

Trust: 0.1

VULMON: CVE-2019-10918
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10918
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-14940
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 63a18fd7-d96a-4df7-a648-6f834337cfc7
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142512
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10918
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10918
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 63a18fd7-d96a-4df7-a648-6f834337cfc7 // CNVD: CNVD-2019-14940 // VULHUB: VHN-142512 // VULMON: CVE-2019-10918 // JVNDB: JVNDB-2019-004568 // CNNVD: CNNVD-201905-592 // NVD: CVE-2019-10918

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-749

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-142512 // JVNDB: JVNDB-2019-004568 // NVD: CVE-2019-10918

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-592

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201905-592

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004568

PATCH

title:SSA-697412url:https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf

Trust: 0.8

title:Siemens SIMATIC PCS 7 and SIMATIC WinCC input patches for verification error vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/161829

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=8ee2a5f6493c2fed7b0aee2edd85e1cb

Trust: 0.1

sources: CNVD: CNVD-2019-14940 // VULMON: CVE-2019-10918 // JVNDB: JVNDB-2019-004568

EXTERNAL IDS

db:NVDid:CVE-2019-10918

Trust: 3.7

db:ICS CERTid:ICSA-19-134-08

Trust: 3.5

db:SIEMENSid:SSA-697412

Trust: 1.8

db:BIDid:108404

Trust: 1.0

db:CNNVDid:CNNVD-201905-592

Trust: 0.9

db:CNVDid:CNVD-2019-14940

Trust: 0.8

db:JVNDBid:JVNDB-2019-004568

Trust: 0.8

db:ICS CERTid:ICSA-19-134-02

Trust: 0.6

db:AUSCERTid:ESB-2019.1716.2

Trust: 0.6

db:IVDid:63A18FD7-D96A-4DF7-A648-6F834337CFC7

Trust: 0.2

db:VULHUBid:VHN-142512

Trust: 0.1

db:VULMONid:CVE-2019-10918

Trust: 0.1

sources: IVD: 63a18fd7-d96a-4df7-a648-6f834337cfc7 // CNVD: CNVD-2019-14940 // VULHUB: VHN-142512 // VULMON: CVE-2019-10918 // BID: 108404 // JVNDB: JVNDB-2019-004568 // CNNVD: CNNVD-201905-592 // NVD: CVE-2019-10918

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-134-08

Trust: 2.6

url:https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf

Trust: 1.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-08

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-10918

Trust: 1.4

url:http://www.securityfocus.com/bid/108404

Trust: 1.3

url:http://subscriber.communications.siemens.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10918

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80946

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-wincc-multiple-vulnerabilities-29286

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-14940 // VULHUB: VHN-142512 // VULMON: CVE-2019-10918 // BID: 108404 // JVNDB: JVNDB-2019-004568 // CNNVD: CNNVD-201905-592 // NVD: CVE-2019-10918

CREDITS

Vladimir Dashchenko and Sergey Temnikov from Kaspersky Lab,ChengBin Wang from ZheJiang Guoli Security Technology, and ChengBin Wang from Guoli Security Technology reported these vulnerabilities to Siemens., CNCERT/CC

Trust: 0.6

sources: CNNVD: CNNVD-201905-592

SOURCES

db:IVDid:63a18fd7-d96a-4df7-a648-6f834337cfc7
db:CNVDid:CNVD-2019-14940
db:VULHUBid:VHN-142512
db:VULMONid:CVE-2019-10918
db:BIDid:108404
db:JVNDBid:JVNDB-2019-004568
db:CNNVDid:CNNVD-201905-592
db:NVDid:CVE-2019-10918

LAST UPDATE DATE

2024-11-23T21:37:16.574000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-14940date:2019-05-21T00:00:00
db:VULHUBid:VHN-142512date:2019-10-10T00:00:00
db:VULMONid:CVE-2019-10918date:2019-10-10T00:00:00
db:BIDid:108404date:2019-05-22T06:00:00
db:JVNDBid:JVNDB-2019-004568date:2019-07-08T00:00:00
db:CNNVDid:CNNVD-201905-592date:2021-10-29T00:00:00
db:NVDid:CVE-2019-10918date:2024-11-21T04:20:08.927

SOURCES RELEASE DATE

db:IVDid:63a18fd7-d96a-4df7-a648-6f834337cfc7date:2019-05-21T00:00:00
db:CNVDid:CNVD-2019-14940date:2019-05-21T00:00:00
db:VULHUBid:VHN-142512date:2019-05-14T00:00:00
db:VULMONid:CVE-2019-10918date:2019-05-14T00:00:00
db:BIDid:108404date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-004568date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-592date:2019-05-14T00:00:00
db:NVDid:CVE-2019-10918date:2019-05-14T20:29:02.483