ID

VAR-201910-1741


TITLE

Arbitrary file writing vulnerability in Siemens SIMATIC WinCC PdlComponents.dll control

Trust: 0.6

sources: CNVD: CNVD-2019-36477

DESCRIPTION

Siemens SIMATIC is automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information using the PN-DCP protocol at the Ethernet layer. An arbitrary file writing vulnerability exists in the Siemens SIMATIC WinCC PdlComponents.dll control. An attacker can call this function to write to any file on the computer, including generating a malicious program.

Trust: 0.72

sources: CNVD: CNVD-2019-36477 // IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8 // CNVD: CNVD-2019-36477

AFFECTED PRODUCTS

vendor: siemens, model: simatic wincc, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic wincc, scope: eq, version: *

Trust: 0.2

sources: IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8 // CNVD: CNVD-2019-36477

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-36477
value: HIGH

Trust: 0.6

IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8
value: HIGH

Trust: 0.2

CNVD: CNVD-2019-36477
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8 // CNVD: CNVD-2019-36477

TYPE

Permissions and access control

Trust: 0.2

sources: IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8

PATCH

title: Industrial Control Device Vulnerability in Save Function of PdlComponents.dll Control of SIMATIC WinCC
url: https://www.cnvd.org.cn/patchinfo/show/180589

Trust: 0.6

sources: CNVD: CNVD-2019-36477

EXTERNAL IDS

db: CNVD, id: CNVD-2019-36477

Trust: 0.8

db: IVD, id: 995B7628-C780-4004-88C0-A0C4D9A4F7F8

Trust: 0.2

sources: IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8 // CNVD: CNVD-2019-36477

SOURCES

db: IVD, id: 995b7628-c780-4004-88c0-a0c4d9a4f7f8
db: CNVD, id: CNVD-2019-36477

LAST UPDATE DATE

2022-05-17T02:02:22.705000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-36477, date: 2020-01-23T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 995b7628-c780-4004-88c0-a0c4d9a4f7f8, date: 2019-10-22T00:00:00
db: CNVD, id: CNVD-2019-36477, date: 2019-10-31T00:00:00