Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-8214 (GCVE-0-2015-8214)
Vulnerability from cvelistv5
Published
2015-11-27 15:00
Modified
2024-08-06 08:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "78345",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78345"
},
{
"name": "1034279",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:42:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "78345",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78345"
},
{
"name": "1034279",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78345"
},
{
"name": "1034279",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034279"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8214",
"datePublished": "2015-11-27T15:00:00",
"dateReserved": "2015-11-16T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-8214\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-11-27T15:59:00.133\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SIMATIC NET CP 342-5 (incl. variantes de SIPLUS) (Todas las versiones), SIMATIC NET CP 343-1 Advanced (incl. variantes de SIPLUS) (Todas las versiones anteriores a V3.0.44), SIMATIC NET CP 343-1 Lean (incl. variantes de SIPLUS) (Todas las versiones anteriores a V3.1.1). variantes SIPLUS) (Todas las versiones anteriores a V3.1.1), SIMATIC NET CP 343-1 Standard (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.2.9), SIMATIC NET CP 443-1 Standard (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.0.44) SIPLUS) (Todas las versiones anteriores a V3.2.9), SIMATIC NET CP 443-5 Basic (incl. variantes SIPLUS) (Todas las versiones), SIMATIC NET CP 443-5 Extended (Todas las versiones), TIM 3V-IE / TIM 3V-IE Advanced (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V2. 6.0), TIM 3V-IE DNP3 (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V3.1.0), TIM 4R-IE (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V2.6.0), TIM 4R-IE DNP3 (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V3.1.0). La aplicaci\u00f3n del nivel de protecci\u00f3n de acceso implementado en los procesadores de comunicaci\u00f3n (CP) afectados podr\u00eda permitir a usuarios no autentificados realizar operaciones administrativas en los CP si el acceso a la red (puerto 102/TCP) est\u00e1 disponible y la configuraci\u00f3n de los CP se almacen\u00f3 en sus correspondientes CPU\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:C/A:C\",\"baseScore\":9.7,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":9.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88638890-5ABE-4824-A41F-FCF30532A538\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"9296A7D4-7F72-4D8A-9863-7CF8B5CEEAAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"733EA356-41B9-47E9-8E17-0988D84CCEF8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_tim_4r-ie_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7572C2D-6B45-4DE4-9488-77A77437E3EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_tim_4r-ie_firmware:*:*:*:*:dnp3:*:*:*\",\"matchCriteriaId\":\"5CDFD9DA-A370-47C2-A2CB-B4A71268A9CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_tim_4r-ie:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDA23503-444E-427A-B6A5-021AC6FE72CD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:lean:*:*:*\",\"matchCriteriaId\":\"BF2877DF-4B20-4719-9046-BB368E5873DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:advanced:*:*:*\",\"versionEndIncluding\":\"3.0\",\"matchCriteriaId\":\"B1CD1E2E-4220-4FC1-BB19-2812D4354BF9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C100D7C1-EAD2-455D-8A72-5BBBD85F2F77\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28A429DF-6ED6-4235-9C2D-699CA577347A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"138A9472-BE23-4107-BB6D-3E6C150EC4FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:dnp3:*:*:*\",\"matchCriteriaId\":\"B969E93A-18C8-4422-B544-57F8CF83A963\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_tim_3v-ie:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF29ECAA-CAB2-4B50-A348-A6EC50E0BDC6\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/78345\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1034279\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/78345\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034279\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
cnvd-2015-07864
Vulnerability from cnvd
Title
Siemens SIMATIC通信机模块信息泄露漏洞
Description
Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1是通信机模块。
Siemens SIMATIC CP 343-1 Advanced 设备3.0.44之前版本, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R-IE DNP3, CP 443-1, CP 443-1 Advanced在访问保护层的实现上存在安全漏洞,允许未经身份验证的远程攻击者利用此漏洞通过TCP端口102上的会话获取管理员访问权限。
Severity
高
VLAI Severity ?
Patch Name
Siemens SIMATIC通信机模块信息泄露漏洞的补丁
Patch Description
Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1是通信机模块。
Siemens SIMATIC CP 343-1 Advanced 设备3.0.44之前版本, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R-IE DNP3, CP 443-1, CP 443-1 Advanced在访问保护层的实现上存在安全漏洞,允许未经身份验证的远程攻击者利用此漏洞通过TCP端口102上的会话获取管理员访问权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf
Reference
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf
Impacted products
| Name | ['Siemens SIMATIC CP 343-1 Advanced devices <3.0.44', 'Siemens CP 343-1 Lean devices', 'Siemens CP 343-1 devices', 'Siemens TIM 3V-IE devices', 'Siemens TIM 3V-IE Advanced devices', 'Siemens TIM 3V-IE DNP3 devices', 'Siemens TIM 4R-IE devices', 'Siemens TIM 4R-IE DNP3 devices', 'Siemens CP 443-1 devices', 'Siemens CP 443-1 Advanced devices'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-8214"
}
},
"description": "Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1\u662f\u901a\u4fe1\u673a\u6a21\u5757\u3002\r\n\r\nSiemens SIMATIC CP 343-1 Advanced \u8bbe\u59073.0.44\u4e4b\u524d\u7248\u672c, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R-IE DNP3, CP 443-1, CP 443-1 Advanced\u5728\u8bbf\u95ee\u4fdd\u62a4\u5c42\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7TCP\u7aef\u53e3102\u4e0a\u7684\u4f1a\u8bdd\u83b7\u53d6\u7ba1\u7406\u5458\u8bbf\u95ee\u6743\u9650\u3002",
"discovererName": "Lei ChengLin",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-07864",
"openTime": "2015-12-01",
"patchDescription": "Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1\u662f\u901a\u4fe1\u673a\u6a21\u5757\u3002\r\n\r\nSiemens SIMATIC CP 343-1 Advanced \u8bbe\u59073.0.44\u4e4b\u524d\u7248\u672c, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R-IE DNP3, CP 443-1, CP 443-1 Advanced\u5728\u8bbf\u95ee\u4fdd\u62a4\u5c42\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7TCP\u7aef\u53e3102\u4e0a\u7684\u4f1a\u8bdd\u83b7\u53d6\u7ba1\u7406\u5458\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens SIMATIC\u901a\u4fe1\u673a\u6a21\u5757\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SIMATIC CP 343-1 Advanced devices \u003c3.0.44",
"Siemens CP 343-1 Lean devices",
"Siemens CP 343-1 devices",
"Siemens TIM 3V-IE devices",
"Siemens TIM 3V-IE Advanced devices",
"Siemens TIM 3V-IE DNP3 devices",
"Siemens TIM 4R-IE devices",
"Siemens TIM 4R-IE DNP3 devices",
"Siemens CP 443-1 devices",
"Siemens CP 443-1 Advanced devices"
]
},
"referenceLink": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf",
"serverity": "\u9ad8",
"submitTime": "2015-11-30",
"title": "Siemens SIMATIC\u901a\u4fe1\u673a\u6a21\u5757\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
gsd-2015-8214
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-8214",
"description": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs.",
"id": "GSD-2015-8214"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-8214"
],
"details": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs.",
"id": "GSD-2015-8214",
"modified": "2023-12-13T01:20:03.369928Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78345"
},
{
"name": "1034279",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034279"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:advanced:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_tim_4r-ie_firmware:*:*:*:*:dnp3:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_tim_4r-ie:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:lean:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:advanced:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:advanced:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:dnp3:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_tim_3v-ie:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8214"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
},
{
"name": "78345",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/78345"
},
{
"name": "1034279",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1034279"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2021-04-22T21:15Z",
"publishedDate": "2015-11-27T15:59Z"
}
}
}
icsa-15-335-03
Vulnerability from csaf_cisa
Published
2015-11-27 00:00
Modified
2025-07-08 00:00
Summary
Siemens SIMATIC Communication Processor Vulnerability (Update C)
Notes
Summary
SIMATIC CP and TIM devices contain an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-763427 from a direct conversion of their vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SIMATIC CP and TIM devices contain an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-763427 from a direct conversion of their vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-763427: Authentication Bypass Vulnerability in SIMATIC CP and TIM Devices - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-763427.json"
},
{
"category": "self",
"summary": "SSA-763427: Authentication Bypass Vulnerability in SIMATIC CP and TIM Devices - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-763427.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-15-335-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2015/icsa-15-335-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-15-335-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-335-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SIMATIC Communication Processor Vulnerability (Update C)",
"tracking": {
"current_release_date": "2025-07-08T00:00:00.000000Z",
"generator": {
"date": "2025-07-10T15:44:49.648890Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-15-335-03",
"initial_release_date": "2015-11-27T00:00:00.000000Z",
"revision_history": [
{
"date": "2015-11-27T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2016-01-29T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix information for SIMATIC TIM 3V-IE and TIM 4R-IE modules"
},
{
"date": "2016-02-01T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix information for SIMATIC CP 443-1 / CP 443-1 Advanced"
},
{
"date": "2016-04-29T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix information for SIMATIC CP343-1 Lean / CP 343-1"
},
{
"date": "2020-02-10T00:00:00.000000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "SIPLUS devices now explicitly mentioned in the list of affected products"
},
{
"date": "2021-04-13T00:00:00.000000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Clarified product names and added SIMATIC NET CP PROFIBUS devices"
},
{
"date": "2025-07-08T00:00:00.000000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "CVE-2015-8214: Added CVSSv4.0 vector; SIMATIC CP 342-5, SIMATIC CP 443-5 Basic, SIMATIC CP 443-5 Extended: Clarified that no fix is planned and added product specific impact description and CVSS vectors; Expanded affected product families to individual products, incl. MLFB IDs"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 342-5 (6GK7342-5DA02-0XE0)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6GK7342-5DA02-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 342-5 (6GK7342-5DA02-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 342-5 (6GK7342-5DA03-0XE0)",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6GK7342-5DA03-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 342-5 (6GK7342-5DA03-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 342-5 FO (6GK7342-5DF00-0XE0)",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6GK7342-5DF00-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 342-5 FO (6GK7342-5DF00-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1.1",
"product": {
"name": "SIMATIC CP 343-1 (6GK7343-1EX30-0XE0)",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"6GK7343-1EX30-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 343-1 (6GK7343-1EX30-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.0.44",
"product": {
"name": "SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6GK7343-1GX31-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1.1",
"product": {
"name": "SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0)",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"6GK7343-1CX10-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.2.9",
"product": {
"name": "SIMATIC CP 443-1 (6GK7443-1EX30-0XE0)",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"6GK7443-1EX30-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-1 (6GK7443-1EX30-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.2.9",
"product": {
"name": "SIMATIC CP 443-1 (6GK7443-1EX30-0XE1)",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"6GK7443-1EX30-0XE1"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-1 (6GK7443-1EX30-0XE1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.2.9",
"product": {
"name": "SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0)",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"6GK7443-1GX30-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 443-5 Basic (6GK7443-5FX02-0XE0)",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"6GK7443-5FX02-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-5 Basic (6GK7443-5FX02-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 443-5 Extended (6GK7443-5DX05-0XE0)",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"6GK7443-5DX05-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-5 Extended (6GK7443-5DX05-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 443-5 Extended (6GK7443-5DX05-0XE1)",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"6GK7443-5DX05-0XE1"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-5 Extended (6GK7443-5DX05-0XE1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS NET CP342-5 (6AG1342-5DA03-7XE0)",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"6AG1342-5DA03-7XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP342-5 (6AG1342-5DA03-7XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1.1",
"product": {
"name": "SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0)",
"product_id": "CSAFPID-0014",
"product_identification_helper": {
"model_numbers": [
"6AG1343-1EX30-7XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.0.44",
"product": {
"name": "SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0)",
"product_id": "CSAFPID-0015",
"product_identification_helper": {
"model_numbers": [
"6AG1343-1GX31-4XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1.1",
"product": {
"name": "SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0)",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"model_numbers": [
"6AG1343-1CX10-2XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.2.9",
"product": {
"name": "SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0)",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"model_numbers": [
"6AG1443-1EX30-4XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.2.9",
"product": {
"name": "SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0)",
"product_id": "CSAFPID-0018",
"product_identification_helper": {
"model_numbers": [
"6AG1443-1GX30-4XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS NET CP 443-5 (6AG1443-5DX05-4XE0)",
"product_id": "CSAFPID-0019",
"product_identification_helper": {
"model_numbers": [
"6AG1443-5DX05-4XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 443-5 (6AG1443-5DX05-4XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.6",
"product": {
"name": "SIPLUS NET TIM 3V-IE (6AG1800-3BA00-7AA0)",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"model_numbers": [
"6AG1800-3BA00-7AA0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET TIM 3V-IE (6AG1800-3BA00-7AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1",
"product": {
"name": "SIPLUS NET TIM 3V-IE DNP3 (6AG1803-3BA00-7AA0)",
"product_id": "CSAFPID-0021",
"product_identification_helper": {
"model_numbers": [
"6AG1803-3BA00-7AA0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET TIM 3V-IE DNP3 (6AG1803-3BA00-7AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.6",
"product": {
"name": "SIPLUS NET TIM 4R-IE (6AG1800-4BA00-7AA0)",
"product_id": "CSAFPID-0022",
"product_identification_helper": {
"model_numbers": [
"6AG1800-4BA00-7AA0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET TIM 4R-IE (6AG1800-4BA00-7AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1",
"product": {
"name": "SIPLUS NET TIM 4R-IE DNP3 (6AG1803-4BA00-7AA0)",
"product_id": "CSAFPID-0023",
"product_identification_helper": {
"model_numbers": [
"6AG1803-4BA00-7AA0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET TIM 4R-IE DNP3 (6AG1803-4BA00-7AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.6",
"product": {
"name": "TIM 3V-IE (6NH7800-3BA00)",
"product_id": "CSAFPID-0024",
"product_identification_helper": {
"model_numbers": [
"6NH7800-3BA00"
]
}
}
}
],
"category": "product_name",
"name": "TIM 3V-IE (6NH7800-3BA00)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.6",
"product": {
"name": "TIM 3V-IE Advanced (6NH7800-3CA00)",
"product_id": "CSAFPID-0025",
"product_identification_helper": {
"model_numbers": [
"6NH7800-3CA00"
]
}
}
}
],
"category": "product_name",
"name": "TIM 3V-IE Advanced (6NH7800-3CA00)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1",
"product": {
"name": "TIM 3V-IE DNP3 (6NH7803-3BA00-0AA0)",
"product_id": "CSAFPID-0026",
"product_identification_helper": {
"model_numbers": [
"6NH7803-3BA00-0AA0"
]
}
}
}
],
"category": "product_name",
"name": "TIM 3V-IE DNP3 (6NH7803-3BA00-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.6",
"product": {
"name": "TIM 4R-IE (6NH7800-4BA00)",
"product_id": "CSAFPID-0027",
"product_identification_helper": {
"model_numbers": [
"6NH7800-4BA00"
]
}
}
}
],
"category": "product_name",
"name": "TIM 4R-IE (6NH7800-4BA00)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1",
"product": {
"name": "TIM 4R-IE DNP3 (6NH7803-4BA00-0AA0)",
"product_id": "CSAFPID-0028",
"product_identification_helper": {
"model_numbers": [
"6NH7803-4BA00-0AA0"
]
}
}
}
],
"category": "product_name",
"name": "TIM 4R-IE DNP3 (6NH7803-4BA00-0AA0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8214",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs.",
"title": "Summary"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 342-5"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 342-5"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 342-5 FO"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 443-5 Basic"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 443-5 Extended"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 443-5 Extended"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIPLUS NET CP 443-5"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIPLUS NET CP342-5"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0019"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.6 or later version",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0027"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109481769/"
},
{
"category": "vendor_fix",
"details": "Update to V2.6 or later version",
"product_ids": [
"CSAFPID-0020",
"CSAFPID-0024",
"CSAFPID-0025"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109481769/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.44 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0015"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109742236/"
},
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"CSAFPID-0023",
"CSAFPID-0028"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109481765/"
},
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"CSAFPID-0021",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109481766/"
},
{
"category": "vendor_fix",
"details": "Update to V3.1.1 or later version",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-0006",
"CSAFPID-0014",
"CSAFPID-0016"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109486101/"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.9 or later version",
"product_ids": [
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0017",
"CSAFPID-0018"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109482246/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0010"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0011"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0012"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0019"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0013"
]
}
],
"title": "CVE-2015-8214"
}
]
}
ghsa-jc83-h8w6-gwfh
Vulnerability from github
Published
2022-05-13 01:10
Modified
2022-05-13 01:10
VLAI Severity ?
Details
A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs.
{
"affected": [],
"aliases": [
"CVE-2015-8214"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-11-27T15:59:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs.",
"id": "GHSA-jc83-h8w6-gwfh",
"modified": "2022-05-13T01:10:40Z",
"published": "2022-05-13T01:10:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8214"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/78345"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034279"
},
{
"type": "WEB",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTFR-2021-AVI-255
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | LOGO! Soft Comfort toutes versions | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2019 R2 | ||
| Siemens | N/A | Solid Edge SE2021 versions antérieures à SE2021MP4 | ||
| Siemens | N/A | SIMATIC NET CP 443-1 Advanced (incl. SIPLUSvariants) versions antérieures à V3.2.9 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2019 R3 | ||
| Siemens | N/A | Nucleus NET versions antérieures à 5.2 | ||
| Siemens | N/A | TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUSNET variants) versions antérieures à V2.6.0 | ||
| Siemens | N/A | SiNVR/SiVMS Video Server toutes versions | ||
| Siemens | N/A | Nucleus RTOS versions contenant le module DNS affecté | ||
| Siemens | N/A | SIMATIC NET CP 343-1 Advanced (incl. SIPLUSvariants) versions antérieures à V3.0.44 | ||
| Siemens | N/A | Solid Edge SE2020 toutes versions | ||
| Siemens | N/A | SIMATIC NET CP 343-1 Lean (incl. SIPLUS vari-ants) versions antérieures à V3.1.1 | ||
| Siemens | N/A | SIMATIC NET CP 443-5 Basic (incl. SIPLUS vari-ants) toutes versions | ||
| Siemens | N/A | Opcenter Quality versions antérieures à 12.2 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2019 R1 | ||
| Siemens | N/A | SIMATIC NET CP 443-5 Extended toutes versions | ||
| Siemens | N/A | VSTAR versions contenant le module DNS affecté | ||
| Siemens | N/A | Control Center Server (CCS) toutes versions | ||
| Siemens | N/A | TIM 4R-IE (incl. SIPLUS NET variants) toutes versions | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2020 R1 | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à 3.0 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2020 R2 | ||
| Siemens | N/A | SIMATIC NET CP 343-1 Standard (incl. SIPLUSvariants) versions antérieures à V3.1.1 | ||
| Siemens | N/A | SIMATIC NET CP 443-1 Standard (incl. SIPLUSvariants) versions antérieures à V3.2.9 | ||
| Siemens | N/A | SIMATIC NET CP 342-5 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2018 R2 | ||
| Siemens | N/A | Nucleus ReadyStart toutes versions | ||
| Siemens | N/A | Nucleus 4 versions antérieures à 4.1.0 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2018 R3 | ||
| Siemens | N/A | QMS Automotive versions antérieures à 12.30 | ||
| Siemens | N/A | Tecnomatix RobotExpert versions antérieures à 16.1 | ||
| Siemens | N/A | TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions antérieures à V3.1.0 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2020 R3 | ||
| Siemens | N/A | Nucleus Source Code versions contenant le module DNS affecté | ||
| Siemens | N/A | TIM 4R-IE DNP3 (incl. SIPLUS NET variants) toutes versions | ||
| Siemens | N/A | SIMOTICS CONNECT 400 toutes verions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "LOGO! Soft Comfort toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2019 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2021 versions ant\u00e9rieures \u00e0 SE2021MP4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2019 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus NET versions ant\u00e9rieures \u00e0 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 V2.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiNVR/SiVMS Video Server toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus RTOS versions contenant le module DNS affect\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 343-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.0.44",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2020 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 343-1 Lean (incl. SIPLUS vari-ants) versions ant\u00e9rieures \u00e0 V3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-5 Basic (incl. SIPLUS vari-ants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Opcenter Quality versions ant\u00e9rieures \u00e0 12.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2019 R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-5 Extended toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "VSTAR versions contenant le module DNS affect\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Control Center Server (CCS) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 4R-IE (incl. SIPLUS NET variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2020 R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2020 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 343-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 342-5 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2018 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus ReadyStart toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus 4 versions ant\u00e9rieures \u00e0 4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2018 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "QMS Automotive versions ant\u00e9rieures \u00e0 12.30",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix RobotExpert versions ant\u00e9rieures \u00e0 16.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2020 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus Source Code versions contenant le module DNS affect\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 4R-IE DNP3 (incl. SIPLUS NET variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTICS CONNECT 400 toutes verions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27009",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27009"
},
{
"name": "CVE-2015-7855",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7855"
},
{
"name": "CVE-2019-18339",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18339"
},
{
"name": "CVE-2016-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
},
{
"name": "CVE-2015-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
},
{
"name": "CVE-2016-4953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4953"
},
{
"name": "CVE-2021-27389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27389"
},
{
"name": "CVE-2021-27382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27382"
},
{
"name": "CVE-2020-27736",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27736"
},
{
"name": "CVE-2021-27380",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27380"
},
{
"name": "CVE-2015-5219",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5219"
},
{
"name": "CVE-2016-1550",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
},
{
"name": "CVE-2015-7977",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7977"
},
{
"name": "CVE-2015-7705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
},
{
"name": "CVE-2021-27392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27392"
},
{
"name": "CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"name": "CVE-2021-25663",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25663"
},
{
"name": "CVE-2020-15795",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15795"
},
{
"name": "CVE-2015-8138",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
},
{
"name": "CVE-2016-4954",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4954"
},
{
"name": "CVE-2021-25664",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25664"
},
{
"name": "CVE-2020-25243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25243"
},
{
"name": "CVE-2015-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7974"
},
{
"name": "CVE-2015-8214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8214"
},
{
"name": "CVE-2019-19299",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19299"
},
{
"name": "CVE-2020-28385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28385"
},
{
"name": "CVE-2021-25678",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25678"
},
{
"name": "CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"name": "CVE-2021-27393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27393"
},
{
"name": "CVE-2020-25244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25244"
},
{
"name": "CVE-2019-18340",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18340"
},
{
"name": "CVE-2021-25670",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25670"
},
{
"name": "CVE-2015-7979",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
},
{
"name": "CVE-2015-7871",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7871"
},
{
"name": "CVE-2020-27738",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27738"
},
{
"name": "CVE-2019-19298",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19298"
},
{
"name": "CVE-2020-26997",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26997"
},
{
"name": "CVE-2019-19291",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19291"
},
{
"name": "CVE-2020-27737",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27737"
},
{
"name": "CVE-2019-19297",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19297"
},
{
"name": "CVE-2016-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
},
{
"name": "CVE-2021-25677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25677"
},
{
"name": "CVE-2019-19296",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19296"
}
],
"initial_release_date": "2021-04-14T00:00:00",
"last_revision_date": "2021-04-14T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-255",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-788287 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-248289 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-853866 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-185699 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-983300 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-844761 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-163226 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-763427 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-497656 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-761617 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-669158 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-574442 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705111 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-292794 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-761844 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]
}
CERTFR-2020-AVI-077
Vulnerability from certfr_avis
Cet avis concerne une mise à jour en date du 10 février 2020 de 58 avis Siemens (cf. section documentation). Les avis Siemens listent désormais les variantes SIPLUS parmi les systèmes affectés.
De multiples vulnérabilités ont été découvertes dans les produits Siemens de variante SIPLUS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
[Important] Certains avis étant anciens et étant donné le nombre de vulnérabilités traitées par les bulletins, le CERT-FR recommande de déterminer la version applicable pour chaque configuration et d'appliquer les mesures de protection établies par l'éditeur dans la section "workarounds and migitations" des bulletins de sécurité (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | CP 343-1 Advanced variante SIPLUS versions antérieures à 3.0.44 | ||
| Siemens | N/A | SITOP UPS1600 PROFINET variante SIPLUS versions antérieures à 2.2.0 | ||
| Siemens | N/A | SIMATIC IPC427D et IPC427E variante SIPLUS BIOS versions antérieures à V17.0x.14 et V21.01.18 | ||
| Siemens | N/A | CP 343-1 tous types et variante SIPLUS toutes versions antérieures à 3.1.1 | ||
| Siemens | N/A | CP 1543-1 variante SIPLUS versions antérieures à 2.1 | ||
| Siemens | N/A | SCALANCE X414 variante SIPLUS versions antérieures à 3.10.2 | ||
| Siemens | N/A | TIM 1531 IRC variante SIPLUS versions antérieures à 2.0 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU variante SIPLUS versions antérieures à 4.1.3 4.3 | ||
| Siemens | N/A | TIM 4R-IE variante SIPLUS versions antérieures à 2.6.0 | ||
| Siemens | N/A | CP 1243-1 tous types et variante SIPLUS versions antérieures à 3.1 | ||
| Siemens | N/A | SIMATIC S7-400 tous types en variante SIPLUS toutes versions | ||
| Siemens | N/A | SCALANCE X-200IRT variante SIPLUS versions antérieures à 5.4.0 | ||
| Siemens | N/A | SCALANCE X-300 variante SIPLUS versions antérieures à 4.1.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU variante SIPLUS versions antérieures à 2.5 2.6 | ||
| Siemens | N/A | LOGO!8 BM variante SIPLUS toutes versions | ||
| Siemens | N/A | SINAMICS G120(C/P/D) avec PN variante SIPLUS versions antérieures à 4.7 SP9 HF1 | ||
| Siemens | N/A | SIMOCODE pro V PN variante SIPLUS versions antérieures à 2.1.1 | ||
| Siemens | N/A | SIMATIC S7-410 CPU variante SIPLUS variante SIPLUS versions antérieures à 8.2.1 | ||
| Siemens | N/A | SINAMICS S120 variante SIPLUS versions antérieures à 4.7 HF29, 4.8 HF5 et 5.1 SP1 | ||
| Siemens | N/A | SIMATIC ET200pro et ET200S variante SIPLUS toutes versions | ||
| Siemens | N/A | SCALANCE X-200 variante SIPLUS versions antérieures à 5.2.2 | ||
| Siemens | N/A | IE/PB-Link variante SIPLUS versions antérieures à 3.0 | ||
| Siemens | N/A | SIMATIC ET200M variante SIPLUS toutes versions | ||
| Siemens | N/A | SIMATIC S7-300 CPU sans support PROFINET variante SIPLUS versions antérieures à 3.X.16 | ||
| Siemens | N/A | SIMATIC ET200MP variante SIPLUS versions antérieures à 4.2 | ||
| Siemens | N/A | SIMOCODE pro V EIP variante SIPLUS versions antérieures à 1.0.2 | ||
| Siemens | N/A | SIMATIC ET200SP Open Controller variante SIPLUS versions antérieures à 2.6 et 4.2 | ||
| Siemens | N/A | SIMATIC PN/PN Coupler variante SIPLUS versions antérieures à 4.2.0 | ||
| Siemens | N/A | TIM 4R-IE DNP3 variante SIPLUS versions antérieures à 3.1.0 | ||
| Siemens | N/A | CP 1542SP-1 et 1543SP-1 variante SIPLUS versions antérieures à 1.0.15 | ||
| Siemens | N/A | IM 3V-IE / TIM 3V-IE Advanced variante SIPLUS versions antérieures à 2.6.0 | ||
| Siemens | N/A | SIMOTION variante SIPLUS versions antérieures à 5.1 HF1 | ||
| Siemens | N/A | TIM 3V-IE DNP3 variante SIPLUS versions antérieures à 3.1.0 | ||
| Siemens | N/A | CP 443-1 tous types et variante SIPLUS toutes versions antérieures à 3.2.9 3.2.17 | ||
| Siemens | N/A | SIMATIC HMI Basic Panels 2nd Generation, Comfort 15-22, Comfort 4-12, Comfort Pro Panels variante SIPLUS versions antérieures à V14 SP1 Upd 6 et V15.1 Upd 1 | ||
| Siemens | N/A | SIMATIC S7-300 CPU avec support PROFINET variante SIPLUS versions antérieures à 3.X.16 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CP 343-1 Advanced variante SIPLUS versions ant\u00e9rieures \u00e0 3.0.44",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP UPS1600 PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 2.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427D et IPC427E variante SIPLUS BIOS versions ant\u00e9rieures \u00e0 V17.0x.14 et V21.01.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP 343-1 tous types et variante SIPLUS toutes versions ant\u00e9rieures \u00e0 3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP 1543-1 variante SIPLUS versions ant\u00e9rieures \u00e0 2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X414 variante SIPLUS versions ant\u00e9rieures \u00e0 3.10.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC variante SIPLUS versions ant\u00e9rieures \u00e0 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU variante SIPLUS versions ant\u00e9rieures \u00e0 4.1.3 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 4R-IE variante SIPLUS versions ant\u00e9rieures \u00e0 2.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP 1243-1 tous types et variante SIPLUS versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 tous types en variante SIPLUS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT variante SIPLUS versions ant\u00e9rieures \u00e0 5.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-300 variante SIPLUS versions ant\u00e9rieures \u00e0 4.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU variante SIPLUS versions ant\u00e9rieures \u00e0 2.5 2.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO!8 BM variante SIPLUS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G120(C/P/D) avec PN variante SIPLUS versions ant\u00e9rieures \u00e0 4.7 SP9 HF1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE pro V PN variante SIPLUS versions ant\u00e9rieures \u00e0 2.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-410 CPU variante SIPLUS variante SIPLUS versions ant\u00e9rieures \u00e0 8.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S120 variante SIPLUS versions ant\u00e9rieures \u00e0 4.7 HF29, 4.8 HF5 et 5.1 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200pro et ET200S variante SIPLUS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 variante SIPLUS versions ant\u00e9rieures \u00e0 5.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "IE/PB-Link variante SIPLUS versions ant\u00e9rieures \u00e0 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200M variante SIPLUS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 CPU sans support PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 3.X.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP variante SIPLUS versions ant\u00e9rieures \u00e0 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE pro V EIP variante SIPLUS versions ant\u00e9rieures \u00e0 1.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP Open Controller variante SIPLUS versions ant\u00e9rieures \u00e0 2.6 et 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/PN Coupler variante SIPLUS versions ant\u00e9rieures \u00e0 4.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 4R-IE DNP3 variante SIPLUS versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP 1542SP-1 et 1543SP-1 variante SIPLUS versions ant\u00e9rieures \u00e0 1.0.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "IM 3V-IE / TIM 3V-IE Advanced variante SIPLUS versions ant\u00e9rieures \u00e0 2.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION variante SIPLUS versions ant\u00e9rieures \u00e0 5.1 HF1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 3V-IE DNP3 variante SIPLUS versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP 443-1 tous types et variante SIPLUS toutes versions ant\u00e9rieures \u00e0 3.2.9 3.2.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Basic Panels 2nd Generation, Comfort 15-22, Comfort 4-12, Comfort Pro Panels variante SIPLUS versions ant\u00e9rieures \u00e0 V14 SP1 Upd 6 et V15.1 Upd 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 CPU avec support PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 3.X.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\n**\\[Important\\]** Certains avis \u00e9tant anciens et \u00e9tant donn\u00e9 le nombre\nde vuln\u00e9rabilit\u00e9s trait\u00e9es par les bulletins, le CERT-FR recommande de\nd\u00e9terminer la version applicable pour chaque configuration et\nd\u0027appliquer les mesures de protection \u00e9tablies par l\u0027\u00e9diteur dans la\nsection \"workarounds and migitations\" des bulletins de s\u00e9curit\u00e9 (cf.\nsection Documentation).\n\n\u00a0\n",
"cves": [
{
"name": "CVE-2016-8561",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8561"
},
{
"name": "CVE-2014-2909",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2909"
},
{
"name": "CVE-2014-2248",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2248"
},
{
"name": "CVE-2014-2254",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2254"
},
{
"name": "CVE-2018-16558",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16558"
},
{
"name": "CVE-2014-2246",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2246"
},
{
"name": "CVE-2016-2200",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2200"
},
{
"name": "CVE-2014-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2251"
},
{
"name": "CVE-2014-2255",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2255"
},
{
"name": "CVE-2013-0700",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0700"
},
{
"name": "CVE-2014-8479",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8479"
},
{
"name": "CVE-2017-2680",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2680"
},
{
"name": "CVE-2014-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2908"
},
{
"name": "CVE-2014-2258",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2258"
},
{
"name": "CVE-2014-2257",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2257"
},
{
"name": "CVE-2018-16556",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16556"
},
{
"name": "CVE-2014-8478",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8478"
},
{
"name": "CVE-2017-12741",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12741"
},
{
"name": "CVE-2015-8214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8214"
},
{
"name": "CVE-2018-13807",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13807"
},
{
"name": "CVE-2014-2259",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2259"
},
{
"name": "CVE-2013-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2780"
},
{
"name": "CVE-2018-16561",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16561"
},
{
"name": "CVE-2014-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2253"
},
{
"name": "CVE-2018-4850",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4850"
},
{
"name": "CVE-2015-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1048"
},
{
"name": "CVE-2018-16559",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16559"
},
{
"name": "CVE-2016-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2201"
},
{
"name": "CVE-2014-2247",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2247"
},
{
"name": "CVE-2014-2249",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2249"
},
{
"name": "CVE-2014-2250",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2250"
},
{
"name": "CVE-2018-16557",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16557"
},
{
"name": "CVE-2016-2846",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2846"
},
{
"name": "CVE-2015-5698",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5698"
},
{
"name": "CVE-2014-2256",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2256"
},
{
"name": "CVE-2016-8562",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8562"
},
{
"name": "CVE-2016-3949",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3949"
},
{
"name": "CVE-2015-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2177"
},
{
"name": "CVE-2014-2252",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2252"
}
],
"initial_release_date": "2020-02-11T00:00:00",
"last_revision_date": "2020-02-12T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-818183 du 08 juin 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-268644 du 09 septembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"title": "Avis CERTFR-2018-AVI-429",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-429/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-892715 du 22 f\u00e9vrier 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-994726 du 05 mars 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf"
},
{
"title": "Avis CERTFR-2015-AVI-090",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2015-AVI-090/"
},
{
"title": "Avis CERTFR-2018-AVI-235",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-235/"
},
{
"title": "Avis CERTFR-2014-AVI-137",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2014-AVI-137/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-447396 du 11 septembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-804486 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-987029 du 05 mars 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-240718 du 13 septembre 2012",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-240718.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-168644 du 22 f\u00e9vrier 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-180635 du 08 janvier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-293562 du 08 mai 2017",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-310688 du 14 ao\u00fbt 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310688.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-546832 du 03 mai 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-100232 du 13 ao\u00fbt 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-914382 du 15 mai 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-744850 du 11 juin 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-134003 du 27 ao\u00fbt 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf"
},
{
"title": "Avis CERTFR-2016-AVI-384",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-384/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-321046 du 19 janvier 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf"
},
{
"title": "Avis CERTFR-2018-AVI-543",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-543/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-306710 du 08 janvier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-944083 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-724606 du 20 d\u00e9cembre 2012",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-253230 du 08 f\u00e9vrier 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-346262 du 23 novembre 2017",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-179516 du 07 ao\u00fbt 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf"
},
{
"title": "Avis CERTFR-2015-AVI-364",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2015-AVI-364/"
},
{
"title": "Avis CERTFR-2017-AVI-140",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-140/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-584286 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-874235 du 26 juin 2017",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-234763 du 17 juillet 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-742938 du 04 d\u00e9cembre 2013",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf"
},
{
"title": "Avis CERTFR-2017-AVI-428",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-428/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-377318 du 12 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-892012 du 24 avril 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-087240 du 30 ao\u00fbt 2017",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf"
},
{
"title": "Avis CERTFR-2019-AVI-004",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-004/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-850708 du 11 septembre 2013",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-110922 du 27 mars 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-507847 du 09 octobre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-113131 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-176087 du 01 octobre 2013",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-763427 du 27 novembre 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-623229 du 08 avril 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-592007 du 20 mars 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
},
{
"title": "Avis CERTFR-2016-AVI-196",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-196/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-233109 du 13 novembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-954136 du 02 f\u00e9vrier 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-954136.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-672373 du 18 novembre 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
},
{
"title": "Avis CERTFR-2014-AVI-126",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2014-AVI-126/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-487246 du 08 avril 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-542701 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-347726 du 09 octobre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-254686 du 09 octobre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-279823 du 08 octobre 2012",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-279823.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-982399 du 11 d\u00e9cembre 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-456423 du 12 mars 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf"
},
{
"title": "Avis CERTFR-2016-AVI-062",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-062/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-635659 du 15 avril 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-130874 du 05 avril 2012",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-130874.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-141614 du 09 avril 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-597212 du 21 janvier 2015",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-597212.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-654382 du 20 mars 2014",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-833048 du 14 mars 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-833048.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-625789 du 10 juin 2011",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-625789.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-731239 du 09 d\u00e9cembre 2016",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-470231 du 22 f\u00e9vrier 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
}
],
"reference": "CERTFR-2020-AVI-077",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-11T00:00:00.000000"
},
{
"description": "int\u00e9gration des 58 avis",
"revision_date": "2020-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "\u003cstrong\u003eCet avis concerne une mise \u00e0 jour en date du 10 f\u00e9vrier 2020 de 58\navis Siemens (cf. section documentation). Les avis Siemens listent\nd\u00e9sormais les variantes SIPLUS parmi les syst\u00e8mes affect\u00e9s.\u003c/strong\u003e\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens de variante SIPLUS. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens de variante SIPLUS",
"vendor_advisories": []
}
fkie_cve-2015-8214
Vulnerability from fkie_nvd
Published
2015-11-27 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/78345 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1034279 | ||
| cve@mitre.org | http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf | Vendor Advisory | |
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/78345 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034279 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_cp_443-1_firmware | * | |
| siemens | simatic_cp_443-1_firmware | * | |
| siemens | simatic_cp_443-1 | * | |
| siemens | simatic_tim_4r-ie_firmware | * | |
| siemens | simatic_tim_4r-ie_firmware | * | |
| siemens | simatic_tim_4r-ie | * | |
| siemens | simatic_cp_343-1_firmware | * | |
| siemens | simatic_cp_343-1_firmware | * | |
| siemens | simatic_cp_343-1 | - | |
| siemens | simatic_tim_3v-ie_firmware | - | |
| siemens | simatic_tim_3v-ie_firmware | - | |
| siemens | simatic_tim_3v-ie_firmware | - | |
| siemens | simatic_tim_3v-ie | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88638890-5ABE-4824-A41F-FCF30532A538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:advanced:*:*:*",
"matchCriteriaId": "9296A7D4-7F72-4D8A-9863-7CF8B5CEEAAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "733EA356-41B9-47E9-8E17-0988D84CCEF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7572C2D-6B45-4DE4-9488-77A77437E3EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_tim_4r-ie_firmware:*:*:*:*:dnp3:*:*:*",
"matchCriteriaId": "5CDFD9DA-A370-47C2-A2CB-B4A71268A9CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_tim_4r-ie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA23503-444E-427A-B6A5-021AC6FE72CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:lean:*:*:*",
"matchCriteriaId": "BF2877DF-4B20-4719-9046-BB368E5873DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:advanced:*:*:*",
"matchCriteriaId": "B1CD1E2E-4220-4FC1-BB19-2812D4354BF9",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C100D7C1-EAD2-455D-8A72-5BBBD85F2F77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28A429DF-6ED6-4235-9C2D-699CA577347A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:advanced:*:*:*",
"matchCriteriaId": "138A9472-BE23-4107-BB6D-3E6C150EC4FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:dnp3:*:*:*",
"matchCriteriaId": "B969E93A-18C8-4422-B544-57F8CF83A963",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_tim_3v-ie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF29ECAA-CAB2-4B50-A348-A6EC50E0BDC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC NET CP 342-5 (incl. variantes de SIPLUS) (Todas las versiones), SIMATIC NET CP 343-1 Advanced (incl. variantes de SIPLUS) (Todas las versiones anteriores a V3.0.44), SIMATIC NET CP 343-1 Lean (incl. variantes de SIPLUS) (Todas las versiones anteriores a V3.1.1). variantes SIPLUS) (Todas las versiones anteriores a V3.1.1), SIMATIC NET CP 343-1 Standard (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.2.9), SIMATIC NET CP 443-1 Standard (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.0.44) SIPLUS) (Todas las versiones anteriores a V3.2.9), SIMATIC NET CP 443-5 Basic (incl. variantes SIPLUS) (Todas las versiones), SIMATIC NET CP 443-5 Extended (Todas las versiones), TIM 3V-IE / TIM 3V-IE Advanced (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V2. 6.0), TIM 3V-IE DNP3 (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V3.1.0), TIM 4R-IE (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V2.6.0), TIM 4R-IE DNP3 (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V3.1.0). La aplicaci\u00f3n del nivel de protecci\u00f3n de acceso implementado en los procesadores de comunicaci\u00f3n (CP) afectados podr\u00eda permitir a usuarios no autentificados realizar operaciones administrativas en los CP si el acceso a la red (puerto 102/TCP) est\u00e1 disponible y la configuraci\u00f3n de los CP se almacen\u00f3 en sus correspondientes CPU"
}
],
"id": "CVE-2015-8214",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-27T15:59:00.133",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/78345"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034279"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/78345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201511-0184
Vulnerability from variot
A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs. Siemens SIMATIC Multiple devices have vulnerabilities that can gain administrative access.By a third party TCP port 102 You may gain administrative access through the above session. Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 is a communication module. Siemens SIMATIC CP 343-1 Advanced device prior to 3.0.44, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R- IE DNP3, CP 443-1, CP 443-1 Advanced has a security vulnerability in the implementation of the access protection layer, allowing unauthenticated remote attackers to exploit this vulnerability to gain administrator access through sessions on TCP port 102. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Siemens SIMATIC CP 343-1 Advanced and so on are the Ethernet communication modules used by German Siemens to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0184",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic tim 3v-ie",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 343-1",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "lean"
},
{
"model": "simatic cp 443-1",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "advanced"
},
{
"model": "simatic tim 4r-ie",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "dnp3"
},
{
"model": "simatic tim 4r-ie",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 343-1",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic cp 443-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 343-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 343-1",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "none"
},
{
"model": "simatic cp 343-1",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "advanced ( firmware 3.0.44 )"
},
{
"model": "simatic cp 343-1",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "3.0.44 (advanced)"
},
{
"model": "simatic cp 343-1",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "none"
},
{
"model": "simatic cp 443-1",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic tim 3v-ie",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "none"
},
{
"model": "simatic tim 3v-ie",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "advanced"
},
{
"model": "simatic tim 3v-ie",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "dnp3"
},
{
"model": "simatic tim 4r-ie",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "none"
},
{
"model": "simatic tim 4r-ie",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic tim 3v ie",
"version": null
},
{
"model": "simatic cp advanced devices",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "343-1\u003c3.0.44"
},
{
"model": "cp lean devices",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "343-1"
},
{
"model": "cp devices",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "343-1"
},
{
"model": "tim 3v-ie devices",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "tim 3v-ie advanced devices",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "tim 3v-ie dnp3 devices",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "tim 4r-ie devices",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "tim 4r-ie dnp3 devices",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp devices",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "443-1"
},
{
"model": "cp advanced devices",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "443-1"
},
{
"model": "simatic cp 343-1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic tim 4r-ie",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic cp 443 1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic tim 4r ie",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic cp 343 1",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07864"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006055"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-434"
},
{
"db": "NVD",
"id": "CVE-2015-8214"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:siemens:simatic_cp_343-1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:simatic_cp_443-1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:simatic_tim_3v-ie",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_tim_3v-ie_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:simatic_tim_4r-ie",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_tim_4r-ie_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006055"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lei ChengLin (Z-0ne) from Fengtai Technologies.",
"sources": [
{
"db": "BID",
"id": "78345"
}
],
"trust": 0.3
},
"cve": "CVE-2015-8214",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-8214",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07864",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6bf20e1e-2351-11e6-abef-000c29c66e3d",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-86175",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8214",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-8214",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-07864",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-434",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "6bf20e1e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-86175",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07864"
},
{
"db": "VULHUB",
"id": "VHN-86175"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006055"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-434"
},
{
"db": "NVD",
"id": "CVE-2015-8214"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs. Siemens SIMATIC Multiple devices have vulnerabilities that can gain administrative access.By a third party TCP port 102 You may gain administrative access through the above session. Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 is a communication module. Siemens SIMATIC CP 343-1 Advanced device prior to 3.0.44, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R- IE DNP3, CP 443-1, CP 443-1 Advanced has a security vulnerability in the implementation of the access protection layer, allowing unauthenticated remote attackers to exploit this vulnerability to gain administrator access through sessions on TCP port 102. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Siemens SIMATIC CP 343-1 Advanced and so on are the Ethernet communication modules used by German Siemens to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology)",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8214"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006055"
},
{
"db": "CNVD",
"id": "CNVD-2015-07864"
},
{
"db": "BID",
"id": "78345"
},
{
"db": "IVD",
"id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-86175"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8214",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-763427",
"trust": 2.3
},
{
"db": "BID",
"id": "78345",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1034279",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201511-434",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-07864",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-335-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006055",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-335-03A",
"trust": 0.6
},
{
"db": "IVD",
"id": "6BF20E1E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-86175",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07864"
},
{
"db": "VULHUB",
"id": "VHN-86175"
},
{
"db": "BID",
"id": "78345"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006055"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-434"
},
{
"db": "NVD",
"id": "CVE-2015-8214"
}
]
},
"id": "VAR-201511-0184",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07864"
},
{
"db": "VULHUB",
"id": "VHN-86175"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07864"
}
]
},
"last_update_date": "2024-11-23T23:12:37.447000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-763427",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
},
{
"title": "Patch for Siemens SIMATIC Communicator Module Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/67396"
},
{
"title": "Multiple Siemens SIMATIC Product Privilege License and Access Control Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58866"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07864"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006055"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-434"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86175"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006055"
},
{
"db": "NVD",
"id": "CVE-2015-8214"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/78345"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1034279"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8214"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-335-03"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8214"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-15-335-03a"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07864"
},
{
"db": "VULHUB",
"id": "VHN-86175"
},
{
"db": "BID",
"id": "78345"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006055"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-434"
},
{
"db": "NVD",
"id": "CVE-2015-8214"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07864"
},
{
"db": "VULHUB",
"id": "VHN-86175"
},
{
"db": "BID",
"id": "78345"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006055"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-434"
},
{
"db": "NVD",
"id": "CVE-2015-8214"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-01T00:00:00",
"db": "IVD",
"id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07864"
},
{
"date": "2015-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-86175"
},
{
"date": "2015-11-27T00:00:00",
"db": "BID",
"id": "78345"
},
{
"date": "2015-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006055"
},
{
"date": "2015-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-434"
},
{
"date": "2015-11-27T15:59:00.133000",
"db": "NVD",
"id": "CVE-2015-8214"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07864"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-86175"
},
{
"date": "2015-12-08T22:20:00",
"db": "BID",
"id": "78345"
},
{
"date": "2015-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006055"
},
{
"date": "2021-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-434"
},
{
"date": "2024-11-21T02:38:06.013000",
"db": "NVD",
"id": "CVE-2015-8214"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-434"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC Vulnerabilities that allow multiple devices to gain administrative access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006055"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-434"
}
],
"trust": 0.6
}
}
ssa-763427
Vulnerability from csaf_siemens
Published
2015-11-27 00:00
Modified
2025-07-08 00:00
Summary
SSA-763427: Authentication Bypass Vulnerability in SIMATIC CP and TIM Devices
Notes
Summary
SIMATIC CP and TIM devices contain an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SIMATIC CP and TIM devices contain an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-763427: Authentication Bypass Vulnerability in SIMATIC CP and TIM Devices - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-763427.html"
},
{
"category": "self",
"summary": "SSA-763427: Authentication Bypass Vulnerability in SIMATIC CP and TIM Devices - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-763427.json"
}
],
"title": "SSA-763427: Authentication Bypass Vulnerability in SIMATIC CP and TIM Devices",
"tracking": {
"current_release_date": "2025-07-08T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-763427",
"initial_release_date": "2015-11-27T00:00:00Z",
"revision_history": [
{
"date": "2015-11-27T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2016-01-29T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix information for SIMATIC TIM 3V-IE and TIM 4R-IE modules"
},
{
"date": "2016-02-01T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix information for SIMATIC CP 443-1 / CP 443-1 Advanced"
},
{
"date": "2016-04-29T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix information for SIMATIC CP343-1 Lean / CP 343-1"
},
{
"date": "2020-02-10T00:00:00Z",
"legacy_version": "1.4",
"number": "5",
"summary": "SIPLUS devices now explicitly mentioned in the list of affected products"
},
{
"date": "2021-04-13T00:00:00Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Clarified product names and added SIMATIC NET CP PROFIBUS devices"
},
{
"date": "2025-07-08T00:00:00Z",
"legacy_version": "1.6",
"number": "7",
"summary": "CVE-2015-8214: Added CVSSv4.0 vector; SIMATIC CP 342-5, SIMATIC CP 443-5 Basic, SIMATIC CP 443-5 Extended: Clarified that no fix is planned and added product specific impact description and CVSS vectors; Expanded affected product families to individual products, incl. MLFB IDs"
}
],
"status": "interim",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 342-5 (6GK7342-5DA02-0XE0)",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"6GK7342-5DA02-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 342-5 (6GK7342-5DA02-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 342-5 (6GK7342-5DA03-0XE0)",
"product_id": "2",
"product_identification_helper": {
"model_numbers": [
"6GK7342-5DA03-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 342-5 (6GK7342-5DA03-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 342-5 FO (6GK7342-5DF00-0XE0)",
"product_id": "3",
"product_identification_helper": {
"model_numbers": [
"6GK7342-5DF00-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 342-5 FO (6GK7342-5DF00-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1.1",
"product": {
"name": "SIMATIC CP 343-1 (6GK7343-1EX30-0XE0)",
"product_id": "4",
"product_identification_helper": {
"model_numbers": [
"6GK7343-1EX30-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 343-1 (6GK7343-1EX30-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.0.44",
"product": {
"name": "SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0)",
"product_id": "5",
"product_identification_helper": {
"model_numbers": [
"6GK7343-1GX31-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1.1",
"product": {
"name": "SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0)",
"product_id": "6",
"product_identification_helper": {
"model_numbers": [
"6GK7343-1CX10-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.2.9",
"product": {
"name": "SIMATIC CP 443-1 (6GK7443-1EX30-0XE0)",
"product_id": "7",
"product_identification_helper": {
"model_numbers": [
"6GK7443-1EX30-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-1 (6GK7443-1EX30-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.2.9",
"product": {
"name": "SIMATIC CP 443-1 (6GK7443-1EX30-0XE1)",
"product_id": "8",
"product_identification_helper": {
"model_numbers": [
"6GK7443-1EX30-0XE1"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-1 (6GK7443-1EX30-0XE1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.2.9",
"product": {
"name": "SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0)",
"product_id": "9",
"product_identification_helper": {
"model_numbers": [
"6GK7443-1GX30-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 443-5 Basic (6GK7443-5FX02-0XE0)",
"product_id": "10",
"product_identification_helper": {
"model_numbers": [
"6GK7443-5FX02-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-5 Basic (6GK7443-5FX02-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 443-5 Extended (6GK7443-5DX05-0XE0)",
"product_id": "11",
"product_identification_helper": {
"model_numbers": [
"6GK7443-5DX05-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-5 Extended (6GK7443-5DX05-0XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC CP 443-5 Extended (6GK7443-5DX05-0XE1)",
"product_id": "12",
"product_identification_helper": {
"model_numbers": [
"6GK7443-5DX05-0XE1"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 443-5 Extended (6GK7443-5DX05-0XE1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS NET CP342-5 (6AG1342-5DA03-7XE0)",
"product_id": "13",
"product_identification_helper": {
"model_numbers": [
"6AG1342-5DA03-7XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP342-5 (6AG1342-5DA03-7XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1.1",
"product": {
"name": "SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0)",
"product_id": "14",
"product_identification_helper": {
"model_numbers": [
"6AG1343-1EX30-7XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.0.44",
"product": {
"name": "SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0)",
"product_id": "15",
"product_identification_helper": {
"model_numbers": [
"6AG1343-1GX31-4XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1.1",
"product": {
"name": "SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0)",
"product_id": "16",
"product_identification_helper": {
"model_numbers": [
"6AG1343-1CX10-2XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.2.9",
"product": {
"name": "SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0)",
"product_id": "17",
"product_identification_helper": {
"model_numbers": [
"6AG1443-1EX30-4XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.2.9",
"product": {
"name": "SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0)",
"product_id": "18",
"product_identification_helper": {
"model_numbers": [
"6AG1443-1GX30-4XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS NET CP 443-5 (6AG1443-5DX05-4XE0)",
"product_id": "19",
"product_identification_helper": {
"model_numbers": [
"6AG1443-5DX05-4XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET CP 443-5 (6AG1443-5DX05-4XE0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.6",
"product": {
"name": "SIPLUS NET TIM 3V-IE (6AG1800-3BA00-7AA0)",
"product_id": "20",
"product_identification_helper": {
"model_numbers": [
"6AG1800-3BA00-7AA0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET TIM 3V-IE (6AG1800-3BA00-7AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1",
"product": {
"name": "SIPLUS NET TIM 3V-IE DNP3 (6AG1803-3BA00-7AA0)",
"product_id": "21",
"product_identification_helper": {
"model_numbers": [
"6AG1803-3BA00-7AA0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET TIM 3V-IE DNP3 (6AG1803-3BA00-7AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.6",
"product": {
"name": "SIPLUS NET TIM 4R-IE (6AG1800-4BA00-7AA0)",
"product_id": "22",
"product_identification_helper": {
"model_numbers": [
"6AG1800-4BA00-7AA0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET TIM 4R-IE (6AG1800-4BA00-7AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1",
"product": {
"name": "SIPLUS NET TIM 4R-IE DNP3 (6AG1803-4BA00-7AA0)",
"product_id": "23",
"product_identification_helper": {
"model_numbers": [
"6AG1803-4BA00-7AA0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET TIM 4R-IE DNP3 (6AG1803-4BA00-7AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.6",
"product": {
"name": "TIM 3V-IE (6NH7800-3BA00)",
"product_id": "24",
"product_identification_helper": {
"model_numbers": [
"6NH7800-3BA00"
]
}
}
}
],
"category": "product_name",
"name": "TIM 3V-IE (6NH7800-3BA00)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.6",
"product": {
"name": "TIM 3V-IE Advanced (6NH7800-3CA00)",
"product_id": "25",
"product_identification_helper": {
"model_numbers": [
"6NH7800-3CA00"
]
}
}
}
],
"category": "product_name",
"name": "TIM 3V-IE Advanced (6NH7800-3CA00)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1",
"product": {
"name": "TIM 3V-IE DNP3 (6NH7803-3BA00-0AA0)",
"product_id": "26",
"product_identification_helper": {
"model_numbers": [
"6NH7803-3BA00-0AA0"
]
}
}
}
],
"category": "product_name",
"name": "TIM 3V-IE DNP3 (6NH7803-3BA00-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2.6",
"product": {
"name": "TIM 4R-IE (6NH7800-4BA00)",
"product_id": "27",
"product_identification_helper": {
"model_numbers": [
"6NH7800-4BA00"
]
}
}
}
],
"category": "product_name",
"name": "TIM 4R-IE (6NH7800-4BA00)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV3.1",
"product": {
"name": "TIM 4R-IE DNP3 (6NH7803-4BA00-0AA0)",
"product_id": "28",
"product_identification_helper": {
"model_numbers": [
"6NH7803-4BA00-0AA0"
]
}
}
}
],
"category": "product_name",
"name": "TIM 4R-IE DNP3 (6NH7803-4BA00-0AA0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8214",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs.",
"title": "Summary"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 342-5"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 342-5"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 342-5 FO"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 443-5 Basic"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 443-5 Extended"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIMATIC CP 443-5 Extended"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIPLUS NET CP 443-5"
},
{
"category": "summary",
"text": "Potential exploitation requires access to the PROFIBUS network.",
"title": "For SIPLUS NET CP342-5"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"10",
"11",
"12",
"13",
"19"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.6 or later version",
"product_ids": [
"22",
"27"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109481769/"
},
{
"category": "vendor_fix",
"details": "Update to V2.6 or later version",
"product_ids": [
"20",
"24",
"25"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109481769/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0.44 or later version",
"product_ids": [
"5",
"15"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109742236/"
},
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"23",
"28"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109481765/"
},
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"21",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109481766/"
},
{
"category": "vendor_fix",
"details": "Update to V3.1.1 or later version",
"product_ids": [
"4",
"6",
"14",
"16"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109486101/"
},
{
"category": "vendor_fix",
"details": "Update to V3.2.9 or later version",
"product_ids": [
"7",
"8",
"9",
"17",
"18"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109482246/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"4",
"5",
"6",
"7",
"8",
"9",
"14",
"15",
"16",
"17",
"18",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"2"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"3"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"10"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"11"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"12"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"19"
]
},
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"13"
]
}
],
"title": "CVE-2015-8214"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…