cnvd-2015-01198
Vulnerability from cnvd
Title
Siemens SIMATIC STEP 7 Security Bypass Vulnerability
Description
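Siemens SIMATIC is automation software built on a single engineering environment. Siemens SIMATIC STEP 7 contains a security vulnerability: device user privilege information in SIMATIC STEP 7 is stored in unprotected TIA Portal projects, allowing an attacker to exploit the vulnerability to access project files and read sensitive information.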
Severity
Patch Name
Patch for the Siemens SIMATIC STEP 7 security bypass vulnerability
Patch Description
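Siemens SIMATIC is automation software built on a single engineering environment. Siemens SIMATIC STEP 7 contains a security vulnerability: device user privilege information in SIMATIC STEP 7 is stored in unprotected TIA Portal projects, allowing an attacker to exploit the vulnerability to access project files and read sensitive information. The vendor has released a security advisory and related patch information that fix this vulnerability.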
Formal description

SIMATIC STEP 7 V13 SP1 fixes this vulnerability; users are advised to download the update: http://subscriber.communications.siemens.com/

Reference
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf
Impacted products
Name
SIEMENS SIMATIC STEP 7 V13 SP1


{
  "bids": {
    "bid": {
      "bidNumber": "72627"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1356"
    }
  },
  "description": "Siemens SIMATIC\u662f\u4e00\u6b3e\u91c7\u7528\u5355\u4e00\u5de5\u7a0b\u6280\u672f\u73af\u5883\u7684\u81ea\u52a8\u5316\u8f6f\u4ef6\u3002\r\n\r\nSiemens SIMATIC STEP 7\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8eSIMATIC STEP 7\u4e2d\u8bbe\u5907\u7528\u6237\u7279\u6743\u4fe1\u606f\u5b58\u5728\u672a\u4fdd\u62a4\u7684TIA\u95e8\u6237\u9879\u76ee\u4e2d\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u8bbf\u95ee\u9879\u76ee\u6587\u4ef6\u8bfb\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Aleksandr Timorin from Positive Technologies",
  "formalWay": "SIMATIC STEP 7 V13 SP1\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://subscriber.communications.siemens.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01198",
  "openTime": "2015-02-27",
  "patchDescription": "Siemens SIMATIC\u662f\u4e00\u6b3e\u91c7\u7528\u5355\u4e00\u5de5\u7a0b\u6280\u672f\u73af\u5883\u7684\u81ea\u52a8\u5316\u8f6f\u4ef6\u3002\r\n\r\nSiemens SIMATIC STEP 7\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8eSIMATIC STEP 7\u4e2d\u8bbe\u5907\u7528\u6237\u7279\u6743\u4fe1\u606f\u5b58\u5728\u672a\u4fdd\u62a4\u7684TIA\u95e8\u6237\u9879\u76ee\u4e2d\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u8bbf\u95ee\u9879\u76ee\u6587\u4ef6\u8bfb\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SIMATIC STEP 7\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SIEMENS SIMATIC STEP 7 V13 SP1"
  },
  "referenceLink": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2015-02-21",
  "title": "Siemens SIMATIC STEP 7\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

