ID

VAR-201905-1322


CVE

CVE-2019-10916


TITLE

plural SIMATIC Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004566

DESCRIPTION

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC PCS 7 and SIMATIC WinCC are products of Siemens AG, Germany. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. An input validation error vulnerability exists in Siemens SIMATIC PCS 7 and SIMATIC WinCC that was caused by a network system or product that did not properly validate the input data and could be exploited by an attacker to access project files. Siemens SIMATIC products are prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An SQL injection vulnerability3. 3. An arbitrary command execution Exploiting these vulnerabilities could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, bypass security restrictions, or execute arbitrary code or cause a denial of service condition. The following Siemens SIMATIC products are affected: SIMATIC PCS 7 version 8.0 and prior SIMATIC PCS 7 version 8.1 SIMATIC PCS 7 version 8.2 SIMATIC PCS 7 version 9.0 SIMATIC WinCC (TIA Portal) version 13 SIMATIC WinCC (TIA Portal) version 14 SIMATIC WinCC (TIA Portal) version 15 SIMATIC WinCC Runtime Professional, all version SIMATIC WinCC version 7.2 and prior SIMATIC WinCC version 7.3 SIMATIC WinCC version 7.4 SIMATIC WinCC version 7.5, all version prior to version 7.5 Update 3

Trust: 2.7

sources: NVD: CVE-2019-10916 // JVNDB: JVNDB-2019-004566 // CNVD: CNVD-2019-14938 // BID: 108404 // IVD: 5e23f13f-8869-4704-a7f2-72babe1680f8 // VULHUB: VHN-142510

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 5e23f13f-8869-4704-a7f2-72babe1680f8 // CNVD: CNVD-2019-14938

AFFECTED PRODUCTS

vendor:siemensmodel:simatic wincc runtime professionalscope: - version: -

Trust: 1.4

vendor:siemensmodel:simatic winccscope:eqversion:7.5

Trust: 1.3

vendor:siemensmodel:simatic winccscope:eqversion:7.4

Trust: 1.3

vendor:siemensmodel:simatic winccscope:eqversion:7.3

Trust: 1.3

vendor:siemensmodel:simatic winccscope:lteversion:7.2

Trust: 1.0

vendor:siemensmodel:simatic wincc \scope:eqversion:13.0

Trust: 1.0

vendor:siemensmodel:simatic wincc \scope:eqversion:15.0

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.1

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:9.0

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.2

Trust: 1.0

vendor:siemensmodel:simatic wincc \scope:eqversion:14.0

Trust: 1.0

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:lteversion:8.0

Trust: 1.0

vendor:siemensmodel:simatic winccscope:eqversion:v13

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:v14

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:v15

Trust: 0.9

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.1.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:7.3.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:7.5 upd3

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:13.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:14.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:ltversion:7.5

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope:lteversion:8.0 and earlier

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.2.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:7.4.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:15.x

Trust: 0.8

vendor:siemensmodel:simatic winccscope:lteversion:7.2 and earlier

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope:eqversion:9.0.x

Trust: 0.8

vendor:siemensmodel:simatic pcsscope:eqversion:7v8.2

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7v8.0

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7v8.1

Trust: 0.6

vendor:siemensmodel:simatic winccscope:lteversion:<=7.2

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7v9.0

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:v7.3

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:v7.4

Trust: 0.6

vendor:siemensmodel:simatic wincc upd3scope:eqversion:v7.5.*<v7.5

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.2

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.0

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:6.2

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:79.0

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.2

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.1

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.0

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:77

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:neversion:7.53

Trust: 0.3

vendor:simatic pcs 7model: - scope:eqversion:*

Trust: 0.2

vendor:simatic pcs 7model: - scope:eqversion:8.1

Trust: 0.2

vendor:simatic pcs 7model: - scope:eqversion:8.2

Trust: 0.2

vendor:simatic pcs 7model: - scope:eqversion:9.0

Trust: 0.2

vendor:simatic winccmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic winccmodel: - scope:eqversion:7.3

Trust: 0.2

vendor:simatic winccmodel: - scope:eqversion:7.4

Trust: 0.2

vendor:simatic winccmodel: - scope:eqversion:7.5

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:13.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:14.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:15.0

Trust: 0.2

vendor:simatic wincc runtime professionalmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 5e23f13f-8869-4704-a7f2-72babe1680f8 // CNVD: CNVD-2019-14938 // BID: 108404 // JVNDB: JVNDB-2019-004566 // NVD: CVE-2019-10916

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10916
value: HIGH

Trust: 1.0

NVD: CVE-2019-10916
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-14938
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201905-597
value: HIGH

Trust: 0.6

IVD: 5e23f13f-8869-4704-a7f2-72babe1680f8
value: HIGH

Trust: 0.2

VULHUB: VHN-142510
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10916
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-14938
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5e23f13f-8869-4704-a7f2-72babe1680f8
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142510
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10916
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10916
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 5e23f13f-8869-4704-a7f2-72babe1680f8 // CNVD: CNVD-2019-14938 // VULHUB: VHN-142510 // JVNDB: JVNDB-2019-004566 // CNNVD: CNNVD-201905-597 // NVD: CVE-2019-10916

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-142510 // JVNDB: JVNDB-2019-004566 // NVD: CVE-2019-10916

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-597

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201905-597

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004566

PATCH

title:SSA-697412url:https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf

Trust: 0.8

title:Patch for Siemens SIMATIC PCS 7 and SIMATIC WinCC Input Validation Error Vulnerability (NVD-C-2019-65203)url:https://www.cnvd.org.cn/patchInfo/show/161835

Trust: 0.6

sources: CNVD: CNVD-2019-14938 // JVNDB: JVNDB-2019-004566

EXTERNAL IDS

db:NVDid:CVE-2019-10916

Trust: 3.6

db:ICS CERTid:ICSA-19-134-08

Trust: 3.4

db:SIEMENSid:SSA-697412

Trust: 1.7

db:CNNVDid:CNNVD-201905-597

Trust: 0.9

db:BIDid:108404

Trust: 0.9

db:CNVDid:CNVD-2019-14938

Trust: 0.8

db:JVNDBid:JVNDB-2019-004566

Trust: 0.8

db:ICS CERTid:ICSA-19-134-02

Trust: 0.6

db:AUSCERTid:ESB-2019.1716.2

Trust: 0.6

db:IVDid:5E23F13F-8869-4704-A7F2-72BABE1680F8

Trust: 0.2

db:VULHUBid:VHN-142510

Trust: 0.1

sources: IVD: 5e23f13f-8869-4704-a7f2-72babe1680f8 // CNVD: CNVD-2019-14938 // VULHUB: VHN-142510 // BID: 108404 // JVNDB: JVNDB-2019-004566 // CNNVD: CNNVD-201905-597 // NVD: CVE-2019-10916

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-134-08

Trust: 2.5

url:https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-08

Trust: 1.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-10916

Trust: 1.4

url:http://www.securityfocus.com/bid/108404

Trust: 1.2

url:http://subscriber.communications.siemens.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10916

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80946

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-wincc-multiple-vulnerabilities-29286

Trust: 0.6

sources: CNVD: CNVD-2019-14938 // VULHUB: VHN-142510 // BID: 108404 // JVNDB: JVNDB-2019-004566 // CNNVD: CNNVD-201905-597 // NVD: CVE-2019-10916

CREDITS

Vladimir Dashchenko and Sergey Temnikov from Kaspersky Lab, and ChengBin Wang from Guoli Security Technology, and ChengBin Wang from Guoli Security Technology reported these vulnerabilities to Siemens., CNCERT/CC

Trust: 0.6

sources: CNNVD: CNNVD-201905-597

SOURCES

db:IVDid:5e23f13f-8869-4704-a7f2-72babe1680f8
db:CNVDid:CNVD-2019-14938
db:VULHUBid:VHN-142510
db:BIDid:108404
db:JVNDBid:JVNDB-2019-004566
db:CNNVDid:CNNVD-201905-597
db:NVDid:CVE-2019-10916

LAST UPDATE DATE

2024-08-14T13:26:20.915000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-14938date:2019-05-21T00:00:00
db:VULHUBid:VHN-142510date:2019-10-10T00:00:00
db:BIDid:108404date:2019-05-22T06:00:00
db:JVNDBid:JVNDB-2019-004566date:2019-07-08T00:00:00
db:CNNVDid:CNNVD-201905-597date:2022-03-17T00:00:00
db:NVDid:CVE-2019-10916date:2021-10-28T13:37:53.173

SOURCES RELEASE DATE

db:IVDid:5e23f13f-8869-4704-a7f2-72babe1680f8date:2019-05-21T00:00:00
db:CNVDid:CNVD-2019-14938date:2019-05-21T00:00:00
db:VULHUBid:VHN-142510date:2019-05-14T00:00:00
db:BIDid:108404date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-004566date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-597date:2019-05-14T00:00:00
db:NVDid:CVE-2019-10916date:2019-05-14T20:29:02.293