cnvd-2024-38013
Vulnerability from cnvd
Title: Siemens SIMATIC SCADA and PCS 7 systems remote code execution vulnerability
Description:
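SIMATIC Information Server is used for reporting and visualization of the process data stored in SIMATIC Process Historian. SIMATIC Process Historian is the long-term archive system for SIMATIC PCS 7, SIMATIC WinCC and SIMATIC PCS-neo. It stores the process values, alarms and batch data of production plants in its database and provides historical process data to reporting and visualization applications. SIMATIC PCS 7 is a distributed control system (DCS) that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route Control, OpenPCS 7 and other components. SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visualization runtime platform used for operator control and monitoring of machines and plants.
Siemens SIMATIC SCADA and PCS 7 systems contain a remote code execution vulnerability. The vulnerability exists because the affected products run their database server with elevated privileges; an attacker can exploit it to execute arbitrary operating system commands with administrative privileges.
Severity: High
Patch Name: Patch for the Siemens SIMATIC SCADA and PCS 7 systems remote code execution vulnerability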
Patch Description:
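SIMATIC Information Server is used for reporting and visualization of the process data stored in SIMATIC Process Historian. SIMATIC Process Historian is the long-term archive system for SIMATIC PCS 7, SIMATIC WinCC and SIMATIC PCS-neo. It stores the process values, alarms and batch data of production plants in its database and provides historical process data to reporting and visualization applications. SIMATIC PCS 7 is a distributed control system (DCS) that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route Control, OpenPCS 7 and other components. SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visualization runtime platform used for operator control and monitoring of machines and plants.
Siemens SIMATIC SCADA and PCS 7 systems contain a remote code execution vulnerability. The vulnerability exists because the affected products run their database server with elevated privileges; an attacker can exploit it to execute arbitrary operating system commands with administrative privileges. The vendor has published a security advisory and related patch information that fix this vulnerability.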
Formal description:
Users can refer to the following vendor security advisory to obtain patch information: https://cert-portal.siemens.com/productcert/html/ssa-629254.html
Reference: https://cert-portal.siemens.com/productcert/html/ssa-629254.html
Name:
- Siemens SIMATIC Process Historian 2020 null
- Siemens SIMATIC PCS 7 V9.1
- Siemens SIMATIC WinCC Runtime Professional V18
- Siemens SIMATIC WinCC Runtime Professional V19
- Siemens SIMATIC WinCC V7.4
- Siemens SIMATIC BATCH V9.1
- Siemens SIMATIC WinCC V8.0 < V8.0 Update 5
- Siemens SIMATIC Information Server
- Siemens SIMATIC Process Historian 2022
- Siemens SIMATIC WinCC V7.5 < V7.5 SP2 Update 18
CVE: CVE-2024-35783
Number: CNVD-2024-38013
Event type: General software/hardware vulnerability
Submit time: 2024-09-12
Open time: 2024-09-13
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.