var-201507-0047
Vulnerability from variot
Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests. Siemens SICAM MIC is an energy automation modular remote control unit belonging to the SICAM RTU product family. Siemens SICAM MIC is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Versions prior to Siemens SICAM MIC 2404 are vulnerable. The equipment is mainly used in the energy industry
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam mic",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2403"
},
{
"model": "sicam mic",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sicam mic",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "v2404"
},
{
"model": "sicam mic",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "2404"
},
{
"model": "sicam mic",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2403"
},
{
"model": "sicam mic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sicam mic",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2404"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sicam mic",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "822c9e88-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04832"
},
{
"db": "BID",
"id": "75904"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003846"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-636"
},
{
"db": "NVD",
"id": "CVE-2015-5386"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:siemens:sicam_mic",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sicam_mic_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003846"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philippe Oechslin from Objectif S\u00e9curit\u00e9",
"sources": [
{
"db": "BID",
"id": "75904"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5386",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-5386",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-04832",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "822c9e88-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-83347",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5386",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-5386",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-04832",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-636",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "822c9e88-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-83347",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "822c9e88-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04832"
},
{
"db": "VULHUB",
"id": "VHN-83347"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003846"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-636"
},
{
"db": "NVD",
"id": "CVE-2015-5386"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests. Siemens SICAM MIC is an energy automation modular remote control unit belonging to the SICAM RTU product family. Siemens SICAM MIC is prone to a remote authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. \nVersions prior to Siemens SICAM MIC 2404 are vulnerable. The equipment is mainly used in the energy industry",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5386"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003846"
},
{
"db": "CNVD",
"id": "CNVD-2015-04832"
},
{
"db": "BID",
"id": "75904"
},
{
"db": "IVD",
"id": "822c9e88-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83347"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5386",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-195-01",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-632547",
"trust": 2.0
},
{
"db": "BID",
"id": "75904",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201507-636",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-04832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003846",
"trust": 0.8
},
{
"db": "IVD",
"id": "822C9E88-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-83347",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "822c9e88-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04832"
},
{
"db": "VULHUB",
"id": "VHN-83347"
},
{
"db": "BID",
"id": "75904"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003846"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-636"
},
{
"db": "NVD",
"id": "CVE-2015-5386"
}
]
},
"id": "VAR-201507-0047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "822c9e88-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04832"
},
{
"db": "VULHUB",
"id": "VHN-83347"
}
],
"trust": 1.5011904500000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "822c9e88-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04832"
}
]
},
"last_update_date": "2024-11-23T22:59:35.962000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-632547",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-632547.pdf"
},
{
"title": "Siemens SICAM MIC authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/61281"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04832"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003846"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83347"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003846"
},
{
"db": "NVD",
"id": "CVE-2015-5386"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-195-01"
},
{
"trust": 2.0,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-632547.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5386"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5386"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/remote-terminal-units/pages/sicam-mic.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04832"
},
{
"db": "VULHUB",
"id": "VHN-83347"
},
{
"db": "BID",
"id": "75904"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003846"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-636"
},
{
"db": "NVD",
"id": "CVE-2015-5386"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "822c9e88-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04832"
},
{
"db": "VULHUB",
"id": "VHN-83347"
},
{
"db": "BID",
"id": "75904"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003846"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-636"
},
{
"db": "NVD",
"id": "CVE-2015-5386"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-27T00:00:00",
"db": "IVD",
"id": "822c9e88-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04832"
},
{
"date": "2015-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-83347"
},
{
"date": "2015-07-15T00:00:00",
"db": "BID",
"id": "75904"
},
{
"date": "2015-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003846"
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-636"
},
{
"date": "2015-07-16T19:59:04.660000",
"db": "NVD",
"id": "CVE-2015-5386"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04832"
},
{
"date": "2015-07-17T00:00:00",
"db": "VULHUB",
"id": "VHN-83347"
},
{
"date": "2015-07-15T00:00:00",
"db": "BID",
"id": "75904"
},
{
"date": "2015-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003846"
},
{
"date": "2015-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-636"
},
{
"date": "2024-11-21T02:32:56.077000",
"db": "NVD",
"id": "CVE-2015-5386"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-636"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SICAM MIC Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "822c9e88-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04832"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "822c9e88-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-636"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…