cnvd - cnvd-2021-54362

cnvd-2021-54362

Vulnerability from cnvd

Title: 多款Siemens产品资源管理错误漏洞（CNVD-2021-54362）

Description:

Siemens SIMATIC IT LMS是一套总体设备效能（OEE）的线路监控系统。SIMATIC IT Production Suite是一套工厂生产管理套件。

多款Siemens产品存在资源管理错误漏洞，攻击者可利用漏洞向受影响的服务发送多个构建的数据包，导致部分远程拒绝服务，从而导致服务自行重新启动。

Severity: 中

Patch Name: 多款Siemens产品资源管理错误漏洞（CNVD-2021-54362）的补丁

Patch Description:

Siemens SIMATIC IT LMS是一套总体设备效能（OEE）的线路监控系统。SIMATIC IT Production Suite是一套工厂生产管理套件。

多款Siemens产品存在资源管理错误漏洞，攻击者可利用漏洞向受影响的服务发送多个构建的数据包，导致部分远程拒绝服务，从而导致服务自行重新启动。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商只发布了SiemensOpcenterExecutionDiscrete等部分产品的升级补丁以修复漏洞，其他产品的升级补丁暂未发布，详情请参考链接： https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf

Reference: https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf

Impacted products

Name
['Siemens SIMATIC IT LMS < V2.6', 'SIEMENS SIMATIC IT Production Suite < V8.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7587"
    }
  },
  "description": "Siemens SIMATIC IT LMS\u662f\u4e00\u5957\u603b\u4f53\u8bbe\u5907\u6548\u80fd\uff08OEE\uff09\u7684\u7ebf\u8def\u76d1\u63a7\u7cfb\u7edf\u3002SIMATIC IT Production Suite\u662f\u4e00\u5957\u5de5\u5382\u751f\u4ea7\u7ba1\u7406\u5957\u4ef6\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5411\u53d7\u5f71\u54cd\u7684\u670d\u52a1\u53d1\u9001\u591a\u4e2a\u6784\u5efa\u7684\u6570\u636e\u5305\uff0c\u5bfc\u81f4\u90e8\u5206\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\uff0c\u4ece\u800c\u5bfc\u81f4\u670d\u52a1\u81ea\u884c\u91cd\u65b0\u542f\u52a8\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u53ea\u53d1\u5e03\u4e86SiemensOpcenterExecutionDiscrete\u7b49\u90e8\u5206\u4ea7\u54c1\u7684\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u5176\u4ed6\u4ea7\u54c1\u7684\u5347\u7ea7\u8865\u4e01\u6682\u672a\u53d1\u5e03\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\u94fe\u63a5\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-54362",
  "openTime": "2021-07-24",
  "patchDescription": "Siemens SIMATIC IT LMS\u662f\u4e00\u5957\u603b\u4f53\u8bbe\u5907\u6548\u80fd\uff08OEE\uff09\u7684\u7ebf\u8def\u76d1\u63a7\u7cfb\u7edf\u3002SIMATIC IT Production Suite\u662f\u4e00\u5957\u5de5\u5382\u751f\u4ea7\u7ba1\u7406\u5957\u4ef6\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5411\u53d7\u5f71\u54cd\u7684\u670d\u52a1\u53d1\u9001\u591a\u4e2a\u6784\u5efa\u7684\u6570\u636e\u5305\uff0c\u5bfc\u81f4\u90e8\u5206\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\uff0c\u4ece\u800c\u5bfc\u81f4\u670d\u52a1\u81ea\u884c\u91cd\u65b0\u542f\u52a8\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2021-54362\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SIMATIC IT LMS \u003c V2.6",
      "SIEMENS SIMATIC IT Production Suite \u003c V8.0"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2020-07-15",
  "title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2021-54362\uff09"
}

CVE-2020-7587 (GCVE-0-2020-7587)

Vulnerability from cvelistv5

Published

2020-07-14 13:18

Modified

2024-08-04 09:33

Severity ?

CWE

CWE-400 - Uncontrolled Resource Consumption

Summary

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Siemens

Opcenter Execution Discrete

Version: All versions < V3.2

Siemens	Opcenter Execution Foundation	Version: All versions < V3.2
Siemens	Opcenter Execution Process	Version: All versions < V3.2
Siemens	Opcenter Intelligence	Version: All versions < V3.3
Siemens	Opcenter Quality	Version: All versions < V11.3
Siemens	Opcenter RD&L	Version: V8.0
Siemens	SIMATIC IT LMS	Version: All versions < V2.6
Siemens	SIMATIC IT Production Suite	Version: All versions < V8.0
Siemens	SIMATIC Notifier Server for Windows	Version: All versions
Siemens	SIMATIC PCS neo	Version: All versions < V3.0 SP1
Siemens	SIMATIC STEP 7 (TIA Portal) V15	Version: All versions < V15.1 Update 5
Siemens	SIMATIC STEP 7 (TIA Portal) V16	Version: All versions < V16 Update 2
Siemens	SIMOCODE ES V15.1	Version: All versions < V15.1 Update 4
Siemens	SIMOCODE ES V16	Version: All versions < V16 Update 1
Siemens	Soft Starter ES V15.1	Version: All versions < V15.1 Update 3
Siemens	Soft Starter ES V16	Version: All versions < V16 Update 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Opcenter Execution Discrete",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Foundation",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Process",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Intelligence",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "product": "Opcenter Quality",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V11.3"
            }
          ]
        },
        {
          "product": "Opcenter RD\u0026L",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0"
            }
          ]
        },
        {
          "product": "SIMATIC IT LMS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.6"
            }
          ]
        },
        {
          "product": "SIMATIC IT Production Suite",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.0"
            }
          ]
        },
        {
          "product": "SIMATIC Notifier Server for Windows",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC PCS neo",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0 SP1"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V15",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 5"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 2"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 4"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        },
        {
          "product": "Soft Starter ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 3"
            }
          ]
        },
        {
          "product": "Soft Starter ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T11:16:51",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-7587",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Opcenter Execution Discrete",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Foundation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Process",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Intelligence",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Quality",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V11.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter RD\u0026L",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC IT LMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC IT Production Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Notifier Server for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC PCS neo",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.0 SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V15",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-7587",
    "datePublished": "2020-07-14T13:18:05",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.877Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted