cnvd - cnvd-2017-14601

cnvd-2017-14601

Vulnerability from cnvd

Title: Siemens SiPass integrated凭证获取漏洞

Description:

SiPass server是SiPass集中访问控制系统的组件，接收客户端的连接进行通信。

Siemens SiPass integrated存在凭证获取漏洞，具有本地访问SiPass集成服务器或SiPass集成客户端的攻击者可能从系统获取凭据。

Severity: 中

Patch Name: Siemens SiPass integrated凭证获取漏洞的补丁

Patch Description:

SiPass server是SiPass集中访问控制系统的组件，接收客户端的连接进行通信。

Siemens SiPass integrated存在凭证获取漏洞，具有本地访问SiPass集成服务器或SiPass集成客户端的攻击者可能从系统获取凭据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可联系供应商获得补丁信息： https://www.siemens.com/cert/advisories/

Reference: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf

Impacted products

Name
Siemens SiPass integrated <2.70

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9942"
    }
  },
  "description": "SiPass server\u662fSiPass\u96c6\u4e2d\u8bbf\u95ee\u63a7\u5236\u7cfb\u7edf\u7684\u7ec4\u4ef6\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u7684\u8fde\u63a5\u8fdb\u884c\u901a\u4fe1\u3002\r\n\r\nSiemens SiPass integrated\u5b58\u5728\u51ed\u8bc1\u83b7\u53d6\u6f0f\u6d1e\uff0c\u5177\u6709\u672c\u5730\u8bbf\u95eeSiPass\u96c6\u6210\u670d\u52a1\u5668\u6216SiPass\u96c6\u6210\u5ba2\u6237\u7aef\u7684\u653b\u51fb\u8005\u53ef\u80fd\u4ece\u7cfb\u7edf\u83b7\u53d6\u51ed\u636e\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\nhttps://www.siemens.com/cert/advisories/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14601",
  "openTime": "2017-07-15",
  "patchDescription": "SiPass server\u662fSiPass\u96c6\u4e2d\u8bbf\u95ee\u63a7\u5236\u7cfb\u7edf\u7684\u7ec4\u4ef6\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u7684\u8fde\u63a5\u8fdb\u884c\u901a\u4fe1\u3002\r\n\r\nSiemens SiPass integrated\u5b58\u5728\u51ed\u8bc1\u83b7\u53d6\u6f0f\u6d1e\uff0c\u5177\u6709\u672c\u5730\u8bbf\u95eeSiPass\u96c6\u6210\u670d\u52a1\u5668\u6216SiPass\u96c6\u6210\u5ba2\u6237\u7aef\u7684\u653b\u51fb\u8005\u53ef\u80fd\u4ece\u7cfb\u7edf\u83b7\u53d6\u51ed\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SiPass integrated\u51ed\u8bc1\u83b7\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Siemens SiPass integrated \u003c2.70"
  },
  "referenceLink": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-13",
  "title": "Siemens SiPass integrated\u51ed\u8bc1\u83b7\u53d6\u6f0f\u6d1e"
}

CVE-2017-9942 (GCVE-0-2017-9942)

Vulnerability from cvelistv5

Published

2017-08-08 00:00

Modified

2024-08-05 17:24

Severity ?

CWE

CWE-257 - Storing Passwords in a Recoverable Format

Summary

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.

References

▼	URL	Tags
	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/99578	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	SiPass integrated All versions before V2.70	Version: SiPass integrated All versions before V2.70

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:24:59.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
          },
          {
            "name": "99578",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99578"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SiPass integrated All versions before V2.70",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "SiPass integrated All versions before V2.70"
            }
          ]
        }
      ],
      "datePublic": "2017-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257: Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-08T09:57:01",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
        },
        {
          "name": "99578",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99578"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-9942",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SiPass integrated All versions before V2.70",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SiPass integrated All versions before V2.70"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-257: Storing Passwords in a Recoverable Format"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
            },
            {
              "name": "99578",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99578"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2017-9942",
    "datePublished": "2017-08-08T00:00:00",
    "dateReserved": "2017-06-26T00:00:00",
    "dateUpdated": "2024-08-05T17:24:59.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted