cnvd - cnvd-2017-06154

cnvd-2017-06154

Vulnerability from cnvd

Title: Siemens SIMATIC WinCC和SIMATIC WinCC Runtime Professional拒绝服务漏洞

Description:

Siemens SIMATIC WinCC和SIMATIC WinCC Runtime Professional等都是德国西门子（Siemens）公司的工业自动化产品。SIMATIC WinCC是一个监控和数据采集（SCADA）系统。SIMATIC WinCC Runtime Professional是用于操作员的可视化运行时平台机器和设备的控制和监控。

Siemens SIMATIC WinCC和SIMATIC WinCC Runtime Professional存在拒绝服务漏洞。作为“管理员”身份的远程攻击者可利用漏洞通过向DCOM接口发送特制消息来进行崩溃服务。

Severity: 高

Patch Name: Siemens SIMATIC WinCC和SIMATIC WinCC Runtime Professional拒绝服务漏洞的补丁

Patch Description:

Siemens SIMATIC WinCC和SIMATIC WinCC Runtime Professional存在拒绝服务漏洞。作为“管理员”身份的远程攻击者可利用漏洞通过向DCOM接口发送特制消息来进行崩溃服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可联系供应商获得补丁信息： https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf

Reference: http://www.siemens.com/cert/en/cert-security-advisories.htm

Impacted products

Name
['SIEMENS SIMATIC WinCC <V7.3 Upd 11', 'SIEMENS SIMATIC WinCC <V7.4 SP1', 'SIEMENS SIMATIC WinCC Runtime Professional <V13 SP2', 'SIEMENS SIMATIC WinCC Runtime Professional <V14 SP1', 'SIEMENS SIMATIC WinCC (TIA Portal) Professional <V13 SP2', 'SIEMENS SIMATIC WinCC (TIA Portal) Professional <V14 SP1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6867"
    }
  },
  "description": "Siemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u7b49\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u5de5\u4e1a\u81ea\u52a8\u5316\u4ea7\u54c1\u3002SIMATIC WinCC\u662f\u4e00\u4e2a\u76d1\u63a7\u548c\u6570\u636e\u91c7\u96c6\uff08SCADA\uff09\u7cfb\u7edf\u3002SIMATIC WinCC Runtime Professional\u662f\u7528\u4e8e\u64cd\u4f5c\u5458\u7684\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\u673a\u5668\u548c\u8bbe\u5907\u7684\u63a7\u5236\u548c\u76d1\u63a7\u3002\r\n\r\nSiemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u4f5c\u4e3a\u201c\u7ba1\u7406\u5458\u201d\u8eab\u4efd\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u5411DCOM\u63a5\u53e3\u53d1\u9001\u7279\u5236\u6d88\u606f\u6765\u8fdb\u884c\u5d29\u6e83\u670d\u52a1\u3002",
  "discovererName": "Sergey Temnikov and Vladimir Dashchenko, Critical Infrastructure Defense Team, Kaspersky Lab",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06154",
  "openTime": "2017-05-09",
  "patchDescription": "Siemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u7b49\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u5de5\u4e1a\u81ea\u52a8\u5316\u4ea7\u54c1\u3002SIMATIC WinCC\u662f\u4e00\u4e2a\u76d1\u63a7\u548c\u6570\u636e\u91c7\u96c6\uff08SCADA\uff09\u7cfb\u7edf\u3002SIMATIC WinCC Runtime Professional\u662f\u7528\u4e8e\u64cd\u4f5c\u5458\u7684\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\u673a\u5668\u548c\u8bbe\u5907\u7684\u63a7\u5236\u548c\u76d1\u63a7\u3002\r\n\r\nSiemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u4f5c\u4e3a\u201c\u7ba1\u7406\u5458\u201d\u8eab\u4efd\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u5411DCOM\u63a5\u53e3\u53d1\u9001\u7279\u5236\u6d88\u606f\u6765\u8fdb\u884c\u5d29\u6e83\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS SIMATIC WinCC \u003cV7.3 Upd 11",
      "SIEMENS SIMATIC WinCC \u003cV7.4 SP1",
      "SIEMENS SIMATIC WinCC Runtime Professional \u003cV13 SP2",
      "SIEMENS SIMATIC WinCC Runtime Professional \u003cV14 SP1",
      "SIEMENS SIMATIC WinCC (TIA Portal) Professional \u003cV13 SP2",
      "SIEMENS SIMATIC WinCC (TIA Portal) Professional \u003cV14 SP1"
    ]
  },
  "referenceLink": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-09",
  "title": "Siemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2017-6867 (GCVE-0-2017-6867)

Vulnerability from cvelistv5

Published

2017-05-11 10:00

Modified

2024-08-05 15:41

Severity ?

CWE

CWE-787 - Out-of-bounds Write

Summary

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/98368	vdb-entry, x_refsource_BID
	https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf	x_refsource_CONFIRM
	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Siemens SIMATIC WinCC	Version: Siemens SIMATIC WinCC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98368",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98368"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Siemens SIMATIC WinCC",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Siemens SIMATIC WinCC"
            }
          ]
        }
      ],
      "datePublic": "2017-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-13T09:57:01",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "98368",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98368"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-6867",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Siemens SIMATIC WinCC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Siemens SIMATIC WinCC"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787: Out-of-bounds Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98368",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98368"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
            },
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2017-6867",
    "datePublished": "2017-05-11T10:00:00",
    "dateReserved": "2017-03-13T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted