ID

VAR-202009-1544


CVE

CVE-2020-14517


TITLE

CodeMeter vulnerability in cryptography

Trust: 0.8

sources: JVNDB: JVNDB-2020-011222

DESCRIPTION

Protocol encryption can be easily broken for CodeMeter (all versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. CodeMeter contains a cryptographic vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Siemens SIMATIC WinCC OA (Open Architecture) is a SCADA system from Siemens of Germany and an integral part of the HMI series. The system is mainly suitable for industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of the DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. Many Siemens products have security vulnerabilities. Attackers can use the vulnerability to communicate with the CodeMeter API remotely.

Trust: 2.16

sources: NVD: CVE-2020-14517 // JVNDB: JVNDB-2020-011222 // CNVD: CNVD-2020-51242

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-51242

AFFECTED PRODUCTS

vendor: wibu model: codemeter scope: lt version: 6.90

Trust: 1.0

vendor: wibu model: codemeter scope: - version: -

Trust: 0.8

vendor: wibu model: codemeter scope: eq version: -

Trust: 0.8

vendor: wibu model: codemeter scope: eq version: 6.90

Trust: 0.8

vendor: siemens model: information server sp1 scope: lte version: <=2019

Trust: 0.6

vendor: siemens model: simatic wincc oa scope: eq version: 3.17

Trust: 0.6

vendor: siemens model: sinec ins scope: - version: -

Trust: 0.6

vendor: siemens model: sppa-s2000 scope: eq version: 3.04

Trust: 0.6

vendor: siemens model: sppa-s2000 scope: eq version: 3.06

Trust: 0.6

vendor: siemens model: sppa-t3000 r8.2 sp2 scope: - version: -

Trust: 0.6

vendor: siemens model: sppa-s3000 scope: eq version: 3.05

Trust: 0.6

vendor: siemens model: sppa-s3000 scope: eq version: 3.04

Trust: 0.6

sources: CNVD: CNVD-2020-51242 // JVNDB: JVNDB-2020-011222 // NVD: CVE-2020-14517

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-14517
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-14517
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-51242
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202009-489
value: CRITICAL

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2020-14517
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-51242
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2020-14517
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-14517
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-51242 // JVNDB: JVNDB-2020-011222 // CNNVD: CNNVD-202009-489 // NVD: CVE-2020-14517

PROBLEMTYPE DATA

problemtype: CWE-326

Trust: 1.0

problemtype: CWE-327

Trust: 1.0

problemtype: Inadequate encryption strength (CWE-326) [Other]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011222 // NVD: CVE-2020-14517

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-489

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202009-489

PATCH

title: CodeMeter url: https://www.wibu.com/products/codemeter.html

Trust: 0.8

title: Patch for Vulnerabilities in insufficient encryption strength of many Siemens products url: https://www.cnvd.org.cn/patchInfo/show/233344

Trust: 0.6

title: ARC and MATIO Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127910

Trust: 0.6

sources: CNVD: CNVD-2020-51242 // JVNDB: JVNDB-2020-011222 // CNNVD: CNNVD-202009-489

EXTERNAL IDS

db: NVD id: CVE-2020-14517

Trust: 3.8

db: ICS CERT id: ICSA-20-203-01

Trust: 2.4

db: JVN id: JVNVU90770748

Trust: 0.8

db: JVN id: JVNVU94568336

Trust: 0.8

db: JVNDB id: JVNDB-2020-011222

Trust: 0.8

db: SIEMENS id: SSA-455843

Trust: 0.6

db: CNVD id: CNVD-2020-51242

Trust: 0.6

db: AUSCERT id: ESB-2020.3076.2

Trust: 0.6

db: AUSCERT id: ESB-2020.3076.3

Trust: 0.6

db: AUSCERT id: ESB-2020.3076

Trust: 0.6

db: CS-HELP id: SB2022021806

Trust: 0.6

db: CNNVD id: CNNVD-202009-489

Trust: 0.6

sources: CNVD: CNVD-2020-51242 // JVNDB: JVNDB-2020-011222 // CNNVD: CNNVD-202009-489 // NVD: CVE-2020-14517

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-14517

Trust: 1.4

url:https://jvn.jp/vu/jvnvu94568336/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu90770748/

Trust: 0.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf

Trust: 0.6

url:https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022021806

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3076.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3076.3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3076/

Trust: 0.6

sources: CNVD: CNVD-2020-51242 // JVNDB: JVNDB-2020-011222 // CNNVD: CNNVD-202009-489 // NVD: CVE-2020-14517

SOURCES

db: CNVD id: CNVD-2020-51242
db: JVNDB id: JVNDB-2020-011222
db: CNNVD id: CNNVD-202009-489
db: NVD id: CVE-2020-14517

LAST UPDATE DATE

2024-08-14T12:30:10.841000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2020-51242 date: 2020-09-10T00:00:00
db: JVNDB id: JVNDB-2020-011222 date: 2022-03-15T05:10:00
db: CNNVD id: CNNVD-202009-489 date: 2022-02-21T00:00:00
db: NVD id: CVE-2020-14517 date: 2021-11-04T18:15:08.017

SOURCES RELEASE DATE

db: CNVD id: CNVD-2020-51242 date: 2020-09-10T00:00:00
db: JVNDB id: JVNDB-2020-011222 date: 2021-03-24T00:00:00
db: CNNVD id: CNNVD-202009-489 date: 2020-09-08T00:00:00
db: NVD id: CVE-2020-14517 date: 2020-09-16T20:15:13.647