cvelistv5 - cve-2017-6866

CVE-2017-6866 (GCVE-0-2017-6866)

Vulnerability from cvelistv5

Published

2017-08-07 23:00

Modified

2024-08-05 15:41

Severity ?

CWE

CWE-284 - Improper Access Control

Summary

References

URL

	Vendor	Product	Version
	n/a	XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)	Version: XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)

gsd-2017-6866

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-6866

Aliases

CVE-2017-6866

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6866",
    "description": "A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.",
    "id": "GSD-2017-6866"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6866"
      ],
      "details": "A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.",
      "id": "GSD-2017-6866",
      "modified": "2023-12-13T01:21:09.498253Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2017-6866",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284: Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "99247",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99247"
          },
          {
            "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:xhq_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:xhq_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.7.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-6866"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf"
            },
            {
              "name": "99247",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99247"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:29Z",
      "publishedDate": "2017-08-07T23:29Z"
    }
  }
}

cnvd-2017-10821

Vulnerability from cnvd

Title

Siemens XHQ权限提升漏洞

Description

XHQ生产营运智能是西门子能源的旗舰解决方案，在全球最大的石油及天然气和化工公司中被广泛的部署。 Siemens XHQ 4和XHQ 5中存在权限提升漏洞。允许经过身份验证的低权限远程用户获得超过其配置的权限级别的XHQ解决方案中数据的读取访问权限。

Severity

高

Patch Name

Siemens XHQ权限提升漏洞的补丁

Patch Description

XHQ生产营运智能是西门子能源的旗舰解决方案，在全球最大的石油及天然气和化工公司中被广泛的部署。 Siemens XHQ 4和XHQ 5中存在权限提升漏洞。允许经过身份验证的低权限远程用户获得超过其配置的权限级别的XHQ解决方案中数据的读取访问权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://www.siemens.com/cert/advisories/

Reference

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf

Impacted products

Name
['Siemens XHQ 4 <V4.7.1.3', 'Siemens XHQ 5 <V5.0.0.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6866"
    }
  },
  "description": "XHQ\u751f\u4ea7\u8425\u8fd0\u667a\u80fd\u662f\u897f\u95e8\u5b50\u80fd\u6e90\u7684\u65d7\u8230\u89e3\u51b3\u65b9\u6848\uff0c\u5728\u5168\u7403\u6700\u5927\u7684\u77f3\u6cb9\u53ca\u5929\u7136\u6c14\u548c\u5316\u5de5\u516c\u53f8\u4e2d\u88ab\u5e7f\u6cdb\u7684\u90e8\u7f72\u3002\r\n\r\nSiemens XHQ 4\u548cXHQ 5\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u5141\u8bb8\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u4f4e\u6743\u9650\u8fdc\u7a0b\u7528\u6237\u83b7\u5f97\u8d85\u8fc7\u5176\u914d\u7f6e\u7684\u6743\u9650\u7ea7\u522b\u7684XHQ\u89e3\u51b3\u65b9\u6848\u4e2d\u6570\u636e\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.siemens.com/cert/advisories/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-10821",
  "openTime": "2017-06-23",
  "patchDescription": "XHQ\u751f\u4ea7\u8425\u8fd0\u667a\u80fd\u662f\u897f\u95e8\u5b50\u80fd\u6e90\u7684\u65d7\u8230\u89e3\u51b3\u65b9\u6848\uff0c\u5728\u5168\u7403\u6700\u5927\u7684\u77f3\u6cb9\u53ca\u5929\u7136\u6c14\u548c\u5316\u5de5\u516c\u53f8\u4e2d\u88ab\u5e7f\u6cdb\u7684\u90e8\u7f72\u3002\r\n\r\nSiemens XHQ 4\u548cXHQ 5\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u5141\u8bb8\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u4f4e\u6743\u9650\u8fdc\u7a0b\u7528\u6237\u83b7\u5f97\u8d85\u8fc7\u5176\u914d\u7f6e\u7684\u6743\u9650\u7ea7\u522b\u7684XHQ\u89e3\u51b3\u65b9\u6848\u4e2d\u6570\u636e\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens XHQ\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens XHQ 4 \u003cV4.7.1.3",
      "Siemens XHQ 5 \u003cV5.0.0.2"
    ]
  },
  "referenceLink": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2017-06-23",
  "title": "Siemens XHQ\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level. Siemens XHQ The server contains a permission vulnerability.Information may be obtained. XHQ Production Operations Intelligence is Siemens Energy's flagship solution and is widely deployed in the world's largest oil and gas and chemical companies. A privilege elevation vulnerability exists in Siemens XHQ 4 and XHQ 5. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The following versions are affected: Siemens XHQ all versions prior to 4.7.1.3 Siemens XHQ all versions prior to 5.0.0.2

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1505",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "xhq server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7.1.2"
      },
      {
        "model": "xhq server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0.0.1"
      },
      {
        "model": "xhq",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "4 (4.7.1.3  )"
      },
      {
        "model": "xhq",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "5 (5.0.0.2  )"
      },
      {
        "model": "xhq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4\u003cv4.7.1.3"
      },
      {
        "model": "xhq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "5\u003cv5.0.0.2"
      },
      {
        "model": "xhq server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "4.7.1.2"
      },
      {
        "model": "xhq server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "5.0.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "xhq server",
        "version": "*"
      },
      {
        "model": "xhq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.0.0.1"
      },
      {
        "model": "xhq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.0.0.0"
      },
      {
        "model": "xhq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7.1.1"
      },
      {
        "model": "xhq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7.1.0"
      },
      {
        "model": "xhq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.0.0.2"
      },
      {
        "model": "xhq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7.1.3"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "46c39b07-b93e-4778-9e7c-db6bc555cf30"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10821"
      },
      {
        "db": "BID",
        "id": "99247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-631"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6866"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:siemens:xhq_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "99247"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6866",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-6866",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-10821",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "46c39b07-b93e-4778-9e7c-db6bc555cf30",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-6866",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6866",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6866",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-10821",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-631",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "46c39b07-b93e-4778-9e7c-db6bc555cf30",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "46c39b07-b93e-4778-9e7c-db6bc555cf30"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-631"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6866"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level. Siemens XHQ The server contains a permission vulnerability.Information may be obtained. XHQ Production Operations Intelligence is Siemens Energy\u0027s flagship solution and is widely deployed in the world\u0027s largest oil and gas and chemical companies. A privilege elevation vulnerability exists in Siemens XHQ 4 and XHQ 5. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. \nThe following versions are affected:\nSiemens XHQ all versions prior to 4.7.1.3\nSiemens XHQ all versions prior to 5.0.0.2",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6866"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10821"
      },
      {
        "db": "BID",
        "id": "99247"
      },
      {
        "db": "IVD",
        "id": "46c39b07-b93e-4778-9e7c-db6bc555cf30"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6866",
        "trust": 3.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-945660",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "99247",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10821",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-631",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007084",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-173-02",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "46C39B07-B93E-4778-9E7C-DB6BC555CF30",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "46c39b07-b93e-4778-9e7c-db6bc555cf30"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10821"
      },
      {
        "db": "BID",
        "id": "99247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-631"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6866"
      }
    ]
  },
  "id": "VAR-201708-1505",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "46c39b07-b93e-4778-9e7c-db6bc555cf30"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10821"
      }
    ],
    "trust": 1.4571429
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "46c39b07-b93e-4778-9e7c-db6bc555cf30"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10821"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:30:41.064000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-945660",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf"
      },
      {
        "title": "Patch for Siemens XHQ Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/96338"
      },
      {
        "title": "Siemens XHQ 4  and 5 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99682"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-631"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-275",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6866"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/99247"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6866"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6866"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-173-02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10821"
      },
      {
        "db": "BID",
        "id": "99247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-631"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6866"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "46c39b07-b93e-4778-9e7c-db6bc555cf30"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10821"
      },
      {
        "db": "BID",
        "id": "99247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-631"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6866"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-23T00:00:00",
        "db": "IVD",
        "id": "46c39b07-b93e-4778-9e7c-db6bc555cf30"
      },
      {
        "date": "2017-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10821"
      },
      {
        "date": "2017-06-23T00:00:00",
        "db": "BID",
        "id": "99247"
      },
      {
        "date": "2017-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      },
      {
        "date": "2017-03-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-631"
      },
      {
        "date": "2017-08-07T23:29:00.227000",
        "db": "NVD",
        "id": "CVE-2017-6866"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10821"
      },
      {
        "date": "2017-06-23T00:00:00",
        "db": "BID",
        "id": "99247"
      },
      {
        "date": "2017-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-631"
      },
      {
        "date": "2024-11-21T03:30:41.580000",
        "db": "NVD",
        "id": "CVE-2017-6866"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-631"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens XHQ Server permission vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007084"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-631"
      }
    ],
    "trust": 0.6
  }
}

icsa-17-173-02

Vulnerability from csaf_cisa

Published

2017-06-22 00:00

Modified

2017-06-22 00:00

Summary

Siemens XHQ

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable/low skill level to exploit.

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability. This vulnerability is remotely exploitable. Low skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Siemens",
        "summary": "self-reporting this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable/low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability. This vulnerability is remotely exploitable. Low skill level is needed to exploit.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-173-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-173-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-173-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-173-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-173-02"
      }
    ],
    "title": "Siemens XHQ",
    "tracking": {
      "current_release_date": "2017-06-22T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-173-02",
      "initial_release_date": "2017-06-22T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-06-22T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.7.1.3",
                "product": {
                  "name": "XHQ 4: All versions prior to V4.7.1.3",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "XHQ 4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 5.0.0.2",
                "product": {
                  "name": "XHQ 5: All versions prior to V5.0.0.2",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "XHQ 5"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6866",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability in XHQ server could allow an authenticated, low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.CVE-2017-6866 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6866"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Siemens has released new versions of XHQ to address this vulnerability. Users are to call their local service organization for further information on how to obtain the newest version of XHQ. If the local service organization is not known, please call a local Siemens hotline center:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://w3.siemens.com/aspa_app/",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://w3.siemens.com/aspa_app/"
        },
        {
          "category": "vendor_fix",
          "details": "Siemens strongly recommends users protect network access to XHQ with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens \u0027 Operational Guidelines for Industrial Security:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.siemens.com/cert/operational-guidelines-industrial-security",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
        },
        {
          "category": "vendor_fix",
          "details": "For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-945660 at the following location:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.siemens.com/cert/advisories",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://www.siemens.com/cert/advisories"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

ICSA-17-173-02

Vulnerability from csaf_cisa

Published

2017-06-22 00:00

Modified

2017-06-22 00:00

Summary

Siemens XHQ

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

ATTENTION: Remotely exploitable/low skill level to exploit.

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

Exploitability

No known public exploits specifically target this vulnerability. This vulnerability is remotely exploitable. Low skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Siemens",
        "summary": "self-reporting this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable/low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability. This vulnerability is remotely exploitable. Low skill level is needed to exploit.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-173-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-173-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-173-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-173-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-173-02"
      }
    ],
    "title": "Siemens XHQ",
    "tracking": {
      "current_release_date": "2017-06-22T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-173-02",
      "initial_release_date": "2017-06-22T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-06-22T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.7.1.3",
                "product": {
                  "name": "XHQ 4: All versions prior to V4.7.1.3",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "XHQ 4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 5.0.0.2",
                "product": {
                  "name": "XHQ 5: All versions prior to V5.0.0.2",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "XHQ 5"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6866",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability in XHQ server could allow an authenticated, low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.CVE-2017-6866 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6866"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Siemens has released new versions of XHQ to address this vulnerability. Users are to call their local service organization for further information on how to obtain the newest version of XHQ. If the local service organization is not known, please call a local Siemens hotline center:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://w3.siemens.com/aspa_app/",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://w3.siemens.com/aspa_app/"
        },
        {
          "category": "vendor_fix",
          "details": "Siemens strongly recommends users protect network access to XHQ with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens \u0027 Operational Guidelines for Industrial Security:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.siemens.com/cert/operational-guidelines-industrial-security",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
        },
        {
          "category": "vendor_fix",
          "details": "For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-945660 at the following location:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.siemens.com/cert/advisories",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://www.siemens.com/cert/advisories"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

CERTFR-2017-AVI-193

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans SCADA Siemens XHQ. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Siemens	N/A	Siemens XHQ versions V5.x antérieures à V5.0.0.2
	Siemens	N/A	Siemens XHQ versions V4.x antérieures à V4.7.1.3

References

Title

Publication Time

fkie_cve-2017-6866

Vulnerability from fkie_nvd

Published

2017-08-07 23:29

Modified

2025-04-20 01:37

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
productcert@siemens.com	http://www.securityfocus.com/bid/99247	Third Party Advisory, VDB Entry
productcert@siemens.com	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99247	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	siemens	xhq_server	*
	siemens	xhq_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:xhq_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF7D4D0-548A-4E45-A279-FA2A0F32EA9C",
              "versionEndIncluding": "4.7.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:xhq_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0204E2A9-AA1D-42D8-A5B3-939DB37D581C",
              "versionEndIncluding": "5.0.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto una vulnerabilidad en el servidor Siemens XHQ 4 y 5 (4, en versiones anteriores a V4.7.1.3 y 5,en versiones anteriores a V5.0.0.2) que podr\u00eda permitir que un usuario remoto con pocos privilegios obtuviera acceso de lectura a los datos de la soluci\u00f3n XHQ que requieren un nivel de permisos superior al que tiene configurado."
    }
  ],
  "id": "CVE-2017-6866",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-07T23:29:00.227",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99247"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-m678-x6cm-7g4w

Vulnerability from github

Published

2022-05-13 01:36

Modified

2022-05-13 01:36

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6866"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-07T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.",
  "id": "GHSA-m678-x6cm-7g4w",
  "modified": "2022-05-13T01:36:23Z",
  "published": "2022-05-13T01:36:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6866"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99247"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-6866 (GCVE-0-2017-6866)

Vulnerability from cvelistv5

Vulnerability from gsd

Vulnerability from cnvd

Vulnerability from variot

Vulnerability from csaf_cisa

Vulnerability from csaf_cisa

Vulnerability from certfr_avis

Solution

Vulnerability from fkie_nvd

Vulnerability from github

Tags

Sightings

Nomenclature