cnvd - cnvd-2024-33449

cnvd-2024-33449

Vulnerability from cnvd

Title: 多款SICAM产品未经验证密码重置漏洞

Description:

SICAM 8 Power automation platform是一种通用的、基于硬件和软件的一体化解决方案，适用于电源领域的所有应用。SICAM A8000 RTUs是用于所有能源供应领域的远程控制和自动化应用的模块化设备。SICAM EGS是配电网中本地变电站的网关。

多款SICAM产品存在未经验证密码重置漏洞，攻击者可利用该漏洞重置受影响应用程序的管理帐户的密码，获取受影响应用程序的管理访问权限。

Severity: 高

Patch Name: 多款SICAM产品未经验证密码重置漏洞的补丁

Patch Description:

多款SICAM产品存在未经验证密码重置漏洞，攻击者可利用该漏洞重置受影响应用程序的管理帐户的密码，获取受影响应用程序的管理访问权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://support.industry.siemens.com/cs/ww/en/view/109804985/ https://support.industry.siemens.com/cs/ww/en/view/109818240/

Reference: https://cert-portal.siemens.com/productcert/html/ssa-071402.html

Impacted products

Name
['Siemens CPCI85 Central Processing/Communication <5.40', 'Siemens SICORE Base system <1.4.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-37998"
    }
  },
  "description": "SICAM 8 Power automation platform\u662f\u4e00\u79cd\u901a\u7528\u7684\u3001\u57fa\u4e8e\u786c\u4ef6\u548c\u8f6f\u4ef6\u7684\u4e00\u4f53\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u9002\u7528\u4e8e\u7535\u6e90\u9886\u57df\u7684\u6240\u6709\u5e94\u7528\u3002SICAM A8000 RTUs\u662f\u7528\u4e8e\u6240\u6709\u80fd\u6e90\u4f9b\u5e94\u9886\u57df\u7684\u8fdc\u7a0b\u63a7\u5236\u548c\u81ea\u52a8\u5316\u5e94\u7528\u7684\u6a21\u5757\u5316\u8bbe\u5907\u3002SICAM EGS\u662f\u914d\u7535\u7f51\u4e2d\u672c\u5730\u53d8\u7535\u7ad9\u7684\u7f51\u5173\u3002\n\n\u591a\u6b3eSICAM\u4ea7\u54c1\u5b58\u5728\u672a\u7ecf\u9a8c\u8bc1\u5bc6\u7801\u91cd\u7f6e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u7f6e\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u7ba1\u7406\u5e10\u6237\u7684\u5bc6\u7801\uff0c\u83b7\u53d6\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u7ba1\u7406\u8bbf\u95ee\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109804985/\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109818240/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-33449",
  "openTime": "2024-07-23",
  "patchDescription": "SICAM 8 Power automation platform\u662f\u4e00\u79cd\u901a\u7528\u7684\u3001\u57fa\u4e8e\u786c\u4ef6\u548c\u8f6f\u4ef6\u7684\u4e00\u4f53\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u9002\u7528\u4e8e\u7535\u6e90\u9886\u57df\u7684\u6240\u6709\u5e94\u7528\u3002SICAM A8000 RTUs\u662f\u7528\u4e8e\u6240\u6709\u80fd\u6e90\u4f9b\u5e94\u9886\u57df\u7684\u8fdc\u7a0b\u63a7\u5236\u548c\u81ea\u52a8\u5316\u5e94\u7528\u7684\u6a21\u5757\u5316\u8bbe\u5907\u3002SICAM EGS\u662f\u914d\u7535\u7f51\u4e2d\u672c\u5730\u53d8\u7535\u7ad9\u7684\u7f51\u5173\u3002\r\n\r\n\u591a\u6b3eSICAM\u4ea7\u54c1\u5b58\u5728\u672a\u7ecf\u9a8c\u8bc1\u5bc6\u7801\u91cd\u7f6e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u7f6e\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u7ba1\u7406\u5e10\u6237\u7684\u5bc6\u7801\uff0c\u83b7\u53d6\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u7ba1\u7406\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSICAM\u4ea7\u54c1\u672a\u7ecf\u9a8c\u8bc1\u5bc6\u7801\u91cd\u7f6e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens CPCI85 Central Processing/Communication \u003c5.40",
      "Siemens SICORE Base system \u003c1.4.0"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html",
  "serverity": "\u9ad8",
  "submitTime": "2024-07-23",
  "title": "\u591a\u6b3eSICAM\u4ea7\u54c1\u672a\u7ecf\u9a8c\u8bc1\u5bc6\u7801\u91cd\u7f6e\u6f0f\u6d1e"
}

CVE-2024-37998 (GCVE-0-2024-37998)

Vulnerability from cvelistv5

Published

2024-07-22 13:54

Modified

2024-08-02 04:04

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-620 - Unverified Password Change

Summary

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/html/ssa-071402.html

Impacted products

Vendor

Product

Version

▼

Siemens

CPCI85 Central Processing/Communication

Version: 0 < V5.40

Siemens

SICORE Base system

Version: 0 < V1.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpci85_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "5.40",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:sicore_base_system:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sicore_base_system",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "1.4.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37998",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-24T16:50:47.506327Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T16:56:51.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:04:24.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "CPCI85 Central Processing/Communication",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.40",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICORE Base system",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V5.40), SICORE Base system (All versions \u003c V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-620",
              "description": "CWE-620: Unverified Password Change",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-22T13:54:49.501Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-37998",
    "datePublished": "2024-07-22T13:54:49.501Z",
    "dateReserved": "2024-06-11T08:32:52.184Z",
    "dateUpdated": "2024-08-02T04:04:24.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted