Details of VAR-201910-1741

ID

VAR-201910-1741

TITLE

Arbitrary file writing vulnerability in Siemens SIMATIC WinCC PdlComponents.dll control

Trust: 0.6

sources: CNVD: CNVD-2019-36477

DESCRIPTION

Siemens SIMATIC is an automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information using the PN-DCP protocol at the Ethernet layer. An arbitrary file writing vulnerability exists in the Siemens SIMATIC WinCC PdlComponents.dll control. An attacker can call this function to write to any file on the computer, including generating a malicious program

Trust: 0.72

sources: CNVD: CNVD-2019-36477 // IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8 // CNVD: CNVD-2019-36477

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic wincc	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8 // CNVD: CNVD-2019-36477

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-36477
value:	HIGH
Trust: 0.6
IVD:	995b7628-c780-4004-88c0-a0c4d9a4f7f8
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2019-36477
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	995b7628-c780-4004-88c0-a0c4d9a4f7f8
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8 // CNVD: CNVD-2019-36477

TYPE

Permission permission and access control

Trust: 0.2

sources: IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8

PATCH

title:

Industrial Control Device Vulnerability in Save Function of PdlComponents.dll Control of SIMATIC WinCC

url:

https://www.cnvd.org.cn/patchinfo/show/180589

Trust: 0.6

sources: CNVD: CNVD-2019-36477

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-36477	Trust: 0.8
db:	IVD	id:	995B7628-C780-4004-88C0-A0C4D9A4F7F8	Trust: 0.2

sources: IVD: 995b7628-c780-4004-88c0-a0c4d9a4f7f8 // CNVD: CNVD-2019-36477

SOURCES

db:	IVD	id:	995b7628-c780-4004-88c0-a0c4d9a4f7f8
db:	CNVD	id:	CNVD-2019-36477

LAST UPDATE DATE

2022-05-17T02:02:22.705000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-36477

date:

2020-01-23T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	995b7628-c780-4004-88c0-a0c4d9a4f7f8	date:	2019-10-22T00:00:00
db:	CNVD	id:	CNVD-2019-36477	date:	2019-10-31T00:00:00