cnvd - cnvd-2021-89422

cnvd-2021-89422

Vulnerability from cnvd

Title: Siemens SIMATIC PCS 7和SIMATIC WinCC路径遍历漏洞（CNVD-2021-89422）

Description:

Siemens SIMATIC PCS 7和SIMATIC WinCC都是德国西门子（Siemens）公司的产品。SIMATIC PCS 7是一套过程控制系统。SIMATIC WinCC是一套自动化的数据采集与监控（SCADA）系统。

Siemens SIMATIC PCS 7和SIMATIC WinCC存在路径遍历漏洞，该漏洞源于受影响系统的合法文件操作不能正确中和路径名中的特殊元素。攻击者可利用漏洞会导致路径名解析到服务器上受限目录之外的位置，并读取、写入或删除意外的关键文件。

Severity: 高

Patch Name: Siemens SIMATIC PCS 7和SIMATIC WinCC路径遍历漏洞（CNVD-2021-89422）的补丁

Patch Description:

Siemens SIMATIC PCS 7和SIMATIC WinCC存在路径遍历漏洞，该漏洞源于受影响系统的合法文件操作不能正确中和路径名中的特殊元素。攻击者可利用漏洞会导致路径名解析到服务器上受限目录之外的位置，并读取、写入或删除意外的关键文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf

Reference: https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf

Impacted products

Name
['SIEMENS SIMATIC PCS 7 V9.0', 'SIEMENS SIMATIC PCS 7 <=V8.2', 'SIEMENS SIMATIC WinCC <=V15', 'SIEMENS SIMATIC WinCC V16', 'SIEMENS SIMATIC WinCC <=V7.4', 'SIEMENS SIMATIC PCS 7 V9.1', 'Siemens SIMATIC WinCC <V7.5 SP2 Update 5', 'Siemens SIMATIC WinCC V17']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-40358"
    }
  },
  "description": "Siemens SIMATIC PCS 7\u548cSIMATIC WinCC\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SIMATIC PCS 7\u662f\u4e00\u5957\u8fc7\u7a0b\u63a7\u5236\u7cfb\u7edf\u3002SIMATIC WinCC\u662f\u4e00\u5957\u81ea\u52a8\u5316\u7684\u6570\u636e\u91c7\u96c6\u4e0e\u76d1\u63a7\uff08SCADA\uff09\u7cfb\u7edf\u3002\n\nSiemens SIMATIC PCS 7\u548cSIMATIC WinCC\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7cfb\u7edf\u7684\u5408\u6cd5\u6587\u4ef6\u64cd\u4f5c\u4e0d\u80fd\u6b63\u786e\u4e2d\u548c\u8def\u5f84\u540d\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u4f1a\u5bfc\u81f4\u8def\u5f84\u540d\u89e3\u6790\u5230\u670d\u52a1\u5668\u4e0a\u53d7\u9650\u76ee\u5f55\u4e4b\u5916\u7684\u4f4d\u7f6e\uff0c\u5e76\u8bfb\u53d6\u3001\u5199\u5165\u6216\u5220\u9664\u610f\u5916\u7684\u5173\u952e\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-89422",
  "openTime": "2021-11-20",
  "patchDescription": "Siemens SIMATIC PCS 7\u548cSIMATIC WinCC\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SIMATIC PCS 7\u662f\u4e00\u5957\u8fc7\u7a0b\u63a7\u5236\u7cfb\u7edf\u3002SIMATIC WinCC\u662f\u4e00\u5957\u81ea\u52a8\u5316\u7684\u6570\u636e\u91c7\u96c6\u4e0e\u76d1\u63a7\uff08SCADA\uff09\u7cfb\u7edf\u3002\r\n\r\nSiemens SIMATIC PCS 7\u548cSIMATIC WinCC\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7cfb\u7edf\u7684\u5408\u6cd5\u6587\u4ef6\u64cd\u4f5c\u4e0d\u80fd\u6b63\u786e\u4e2d\u548c\u8def\u5f84\u540d\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u4f1a\u5bfc\u81f4\u8def\u5f84\u540d\u89e3\u6790\u5230\u670d\u52a1\u5668\u4e0a\u53d7\u9650\u76ee\u5f55\u4e4b\u5916\u7684\u4f4d\u7f6e\uff0c\u5e76\u8bfb\u53d6\u3001\u5199\u5165\u6216\u5220\u9664\u610f\u5916\u7684\u5173\u952e\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SIMATIC PCS 7\u548cSIMATIC WinCC\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2021-89422\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS SIMATIC PCS 7 V9.0",
      "SIEMENS SIMATIC PCS 7 \u003c=V8.2",
      "SIEMENS SIMATIC WinCC \u003c=V15",
      "SIEMENS SIMATIC WinCC V16",
      "SIEMENS SIMATIC WinCC \u003c=V7.4",
      "SIEMENS SIMATIC PCS 7 V9.1",
      "Siemens SIMATIC WinCC \u003cV7.5 SP2 Update 5",
      "Siemens SIMATIC WinCC V17"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2021-11-17",
  "title": "Siemens SIMATIC PCS 7\u548cSIMATIC WinCC\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2021-89422\uff09"
}

CVE-2021-40358 (GCVE-0-2021-40358)

Vulnerability from cvelistv5

Published

2021-11-09 11:32

Modified

2024-08-04 02:44

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf

Impacted products

Vendor

Product

Version

▼

Siemens

SIMATIC PCS 7 V8.2

Version: All versions

Siemens	SIMATIC PCS 7 V9.0	Version: All versions < V9.0 SP3 UC04
Siemens	SIMATIC PCS 7 V9.1	Version: All versions < V9.1 SP1
Siemens	SIMATIC WinCC V15 and earlier	Version: All versions < V15 SP1 Update 7
Siemens	SIMATIC WinCC V16	Version: All versions < V16 Update 5
Siemens	SIMATIC WinCC V17	Version: All versions < V17 Update 2
Siemens	SIMATIC WinCC V7.4	Version: All versions < V7.4 SP1 Update 19
Siemens	SIMATIC WinCC V7.5	Version: All versions < V7.5 SP2 Update 5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:09.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS 7 V8.2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS 7 V9.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V9.0 SP3 UC04"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS 7 V9.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V9.1 SP1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V15 and earlier",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15 SP1 Update 7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V17",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V17 Update 2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V7.4",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.4 SP1 Update 19"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V7.5",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.5 SP2 Update 5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions \u003c V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions \u003c V15 SP1 Update 7), SIMATIC WinCC V16 (All versions \u003c V16 Update 5), SIMATIC WinCC V17 (All versions \u003c V17 Update 2), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:01:58.251Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-40358",
    "datePublished": "2021-11-09T11:32:04",
    "dateReserved": "2021-09-01T00:00:00",
    "dateUpdated": "2024-08-04T02:44:09.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted