cnvd - cnvd-2018-18613

cnvd-2018-18613

Vulnerability from cnvd

Title: SIMATIC WinCC OA权限提升漏洞

Description:

客户端 - 服务器HMI（人机界面）系统SIMATIC WinCC开放式架构（OA）是SIMATIC HMI系列的一部分。它设计用于需要高度客户特定适应性的应用程序，大型或复杂应用程序以及强加特定系统要求或功能的项目。

SIMATIC WinCC OA V3.14及之前版本存在权限提升漏洞，允许未经身份验证的远程用户在SIMATIC WinCC OA V3.14的上下文中升级其权限。

Severity: 高

Patch Name: SIMATIC WinCC OA权限提升漏洞的补丁

Patch Description:

SIMATIC WinCC OA V3.14及之前版本存在权限提升漏洞，允许未经身份验证的远程用户在SIMATIC WinCC OA V3.14的上下文中升级其权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

西门子已经确定了以下具体的解决方法和缓解措施： https://portal.etm.at/patchdownload.php?fp=version_3.14/win64vc12/ReadmeP021.txt https://portal.etm.at/index.php?option=com_phocadownload&view=category&id=52:security&Itemid=81

Reference: https://cert-portal.siemens.com/productcert/txt/ssa-346256.txt

Impacted products

Name
Siemens WinCC OA <=V3.14

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-13799"
    }
  },
  "description": "\u5ba2\u6237\u7aef - \u670d\u52a1\u5668HMI\uff08\u4eba\u673a\u754c\u9762\uff09\u7cfb\u7edfSIMATIC WinCC\u5f00\u653e\u5f0f\u67b6\u6784\uff08OA\uff09\u662fSIMATIC HMI\u7cfb\u5217\u7684\u4e00\u90e8\u5206\u3002 \u5b83\u8bbe\u8ba1\u7528\u4e8e\u9700\u8981\u9ad8\u5ea6\u5ba2\u6237\u7279\u5b9a\u9002\u5e94\u6027\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u5927\u578b\u6216\u590d\u6742\u5e94\u7528\u7a0b\u5e8f\u4ee5\u53ca\u5f3a\u52a0\u7279\u5b9a\u7cfb\u7edf\u8981\u6c42\u6216\u529f\u80fd\u7684\u9879\u76ee\u3002\r\n\r\nSIMATIC WinCC OA V3.14\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u7528\u6237\u5728SIMATIC WinCC OA V3.14\u7684\u4e0a\u4e0b\u6587\u4e2d\u5347\u7ea7\u5176\u6743\u9650\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u897f\u95e8\u5b50\u5df2\u7ecf\u786e\u5b9a\u4e86\u4ee5\u4e0b\u5177\u4f53\u7684\u89e3\u51b3\u65b9\u6cd5\u548c\u7f13\u89e3\u63aa\u65bd\uff1a\r\nhttps://portal.etm.at/patchdownload.php?fp=version_3.14/win64vc12/ReadmeP021.txt\r\nhttps://portal.etm.at/index.php?option=com_phocadownload\u0026view=category\u0026id=52:security\u0026Itemid=81",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-18613",
  "openTime": "2018-09-13",
  "patchDescription": "\u5ba2\u6237\u7aef - \u670d\u52a1\u5668HMI\uff08\u4eba\u673a\u754c\u9762\uff09\u7cfb\u7edfSIMATIC WinCC\u5f00\u653e\u5f0f\u67b6\u6784\uff08OA\uff09\u662fSIMATIC HMI\u7cfb\u5217\u7684\u4e00\u90e8\u5206\u3002 \u5b83\u8bbe\u8ba1\u7528\u4e8e\u9700\u8981\u9ad8\u5ea6\u5ba2\u6237\u7279\u5b9a\u9002\u5e94\u6027\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u5927\u578b\u6216\u590d\u6742\u5e94\u7528\u7a0b\u5e8f\u4ee5\u53ca\u5f3a\u52a0\u7279\u5b9a\u7cfb\u7edf\u8981\u6c42\u6216\u529f\u80fd\u7684\u9879\u76ee\u3002\r\n\r\nSIMATIC WinCC OA V3.14\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u7528\u6237\u5728SIMATIC WinCC OA V3.14\u7684\u4e0a\u4e0b\u6587\u4e2d\u5347\u7ea7\u5176\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SIMATIC WinCC OA\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Siemens WinCC OA \u003c=V3.14"
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/txt/ssa-346256.txt",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-13",
  "title": "SIMATIC WinCC OA\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2018-13799 (GCVE-0-2018-13799)

Vulnerability from cvelistv5

Published

2018-09-12 14:00

Modified

2024-09-16 17:38

Severity ?

CWE

CWE-269 - Improper Privilege Management

Summary

A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/105332	vdb-entry, x_refsource_BID
	https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Siemens AG	SIMATIC WinCC OA V3.14 and prior	Version: SIMATIC WinCC OA V3.14 and prior : All versions < V3.14-P021

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:14:47.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105332",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105332"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC WinCC OA V3.14 and prior",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "SIMATIC WinCC OA V3.14 and prior : All versions \u003c V3.14-P021"
            }
          ]
        }
      ],
      "datePublic": "2018-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions \u003c V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-13T09:57:01",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "105332",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105332"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "DATE_PUBLIC": "2018-09-11T00:00:00",
          "ID": "CVE-2018-13799",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC WinCC OA V3.14 and prior",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SIMATIC WinCC OA V3.14 and prior : All versions \u003c V3.14-P021"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions \u003c V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269: Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105332",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105332"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-13799",
    "datePublished": "2018-09-12T14:00:00Z",
    "dateReserved": "2018-07-10T00:00:00",
    "dateUpdated": "2024-09-16T17:38:43.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted