cnvd-2018-25912
Vulnerability from cnvd

Title: Siemens SIMATIC IT LMS、SIMATIC IT Production Suite和SIMATIC IT UA Discrete Manufacturing授权问题漏洞

Description:

Siemens SIMATIC IT LMS、SIMATIC IT Production Suite和SIMATIC IT UA Discrete Manufacturing都是德国西门子(Siemens)公司的产品。Siemens SIMATIC IT LMS是一套总体设备效能(OEE)的线路监控系统。SIMATIC IT Production Suite是一套工厂生产管理套件。SIMATIC IT UA Discrete Manufacturing是一套为制造业提供结构化服务的解决方案。

Siemens SIMATIC IT LMS、SIMATIC IT Production Suite 7.1 Upd3之前的7.1版本和SIMATIC IT UA Discrete Manufacturing 2.4之前版本中存在授权问题漏洞,攻击者可利用该漏洞绕过应用程序的身份验证检测,影响系统的保密性、完整性和可用性。

Severity:

Patch Name: Siemens SIMATIC IT LMS、SIMATIC IT Production Suite和SIMATIC IT UA Discrete Manufacturing授权问题漏洞的补丁

Patch Description:

Siemens SIMATIC IT LMS、SIMATIC IT Production Suite和SIMATIC IT UA Discrete Manufacturing都是德国西门子(Siemens)公司的产品。Siemens SIMATIC IT LMS是一套总体设备效能(OEE)的线路监控系统。SIMATIC IT Production Suite是一套工厂生产管理套件。SIMATIC IT UA Discrete Manufacturing是一套为制造业提供结构化服务的解决方案。

Siemens SIMATIC IT LMS、SIMATIC IT Production Suite 7.1 Upd3之前的7.1版本和SIMATIC IT UA Discrete Manufacturing 2.4之前版本中存在授权问题漏洞,攻击者可利用该漏洞绕过应用程序的身份验证检测,影响系统的保密性、完整性和可用性。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

目前厂商只发布了SIMATIC IT Production Suite等产品的升级补丁以修复漏洞,产品SIMATIC IT LMS的升级补丁暂未发布,详情请参考链接: https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf

Reference: https://ics-cert.us-cert.gov/advisories/ICSA-18-317-07

Impacted products
Name
['Siemens SIMATIC IT LMS ALL', 'Siemens SIMATIC IT UA Discrete Manufacturing <2.4', 'Siemens SIMATIC IT Production Suite 7.1.*,<7.1 Upd3']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-13804"
    }
  },
  "description": "Siemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite\u548cSIMATIC IT UA Discrete Manufacturing\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Siemens SIMATIC IT LMS\u662f\u4e00\u5957\u603b\u4f53\u8bbe\u5907\u6548\u80fd\uff08OEE\uff09\u7684\u7ebf\u8def\u76d1\u63a7\u7cfb\u7edf\u3002SIMATIC IT Production Suite\u662f\u4e00\u5957\u5de5\u5382\u751f\u4ea7\u7ba1\u7406\u5957\u4ef6\u3002SIMATIC IT UA Discrete Manufacturing\u662f\u4e00\u5957\u4e3a\u5236\u9020\u4e1a\u63d0\u4f9b\u7ed3\u6784\u5316\u670d\u52a1\u7684\u89e3\u51b3\u65b9\u6848\u3002\n\nSiemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite 7.1 Upd3\u4e4b\u524d\u76847.1\u7248\u672c\u548cSIMATIC IT UA Discrete Manufacturing 2.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5e94\u7528\u7a0b\u5e8f\u7684\u8eab\u4efd\u9a8c\u8bc1\u68c0\u6d4b\uff0c\u5f71\u54cd\u7cfb\u7edf\u7684\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u76ee\u524d\u5382\u5546\u53ea\u53d1\u5e03\u4e86SIMATIC IT Production Suite\u7b49\u4ea7\u54c1\u7684\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u4ea7\u54c1SIMATIC IT LMS\u7684\u5347\u7ea7\u8865\u4e01\u6682\u672a\u53d1\u5e03\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\u94fe\u63a5\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-25912",
  "openTime": "2018-12-20",
  "patchDescription": "Siemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite\u548cSIMATIC IT UA Discrete Manufacturing\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Siemens SIMATIC IT LMS\u662f\u4e00\u5957\u603b\u4f53\u8bbe\u5907\u6548\u80fd\uff08OEE\uff09\u7684\u7ebf\u8def\u76d1\u63a7\u7cfb\u7edf\u3002SIMATIC IT Production Suite\u662f\u4e00\u5957\u5de5\u5382\u751f\u4ea7\u7ba1\u7406\u5957\u4ef6\u3002SIMATIC IT UA Discrete Manufacturing\u662f\u4e00\u5957\u4e3a\u5236\u9020\u4e1a\u63d0\u4f9b\u7ed3\u6784\u5316\u670d\u52a1\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nSiemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite 7.1 Upd3\u4e4b\u524d\u76847.1\u7248\u672c\u548cSIMATIC IT UA Discrete Manufacturing 2.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5e94\u7528\u7a0b\u5e8f\u7684\u8eab\u4efd\u9a8c\u8bc1\u68c0\u6d4b\uff0c\u5f71\u54cd\u7cfb\u7edf\u7684\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite\u548cSIMATIC IT UA Discrete Manufacturing\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SIMATIC IT LMS ALL",
      "Siemens SIMATIC IT UA Discrete Manufacturing \u003c2.4",
      "Siemens SIMATIC IT Production Suite 7.1.*\uff0c\u003c7.1 Upd3"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-07",
  "serverity": "\u9ad8",
  "submitTime": "2018-11-16",
  "title": "Siemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite\u548cSIMATIC IT UA Discrete Manufacturing\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.