var-201607-0463
Vulnerability from variot
Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. SIMATIC NET is an open and diverse communication system from Siemens at the industrial control level. A denial of service vulnerability exists in Siemens SIMATIC NET PCSoftware. Need to manually restart the recovery system. An attacker can exploit this issue to cause the affected application to restart, denying service to legitimate users. Siemens SIMATIC NET PC-Software is a set of software from Siemens, Germany, which supports PLC (programmable logic controller) and personal computer network communication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0463",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic net pc-software",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc software",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "13 sp2"
},
{
"model": "simatic net pc-software sp2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic net pc-software hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software sp2 hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic net pc-software sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic net pc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "BID",
"id": "92110"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_net_pc-software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vladimir Dashchenko from Kaspersky Labs.",
"sources": [
{
"db": "BID",
"id": "92110"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5874",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5874",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-05347",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "5524f002-9108-4173-a9a0-5c2688ac020e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-94694",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5874",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5874",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5874",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-05347",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-906",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94694",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "VULHUB",
"id": "VHN-94694"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. SIMATIC NET is an open and diverse communication system from Siemens at the industrial control level. A denial of service vulnerability exists in Siemens SIMATIC NET PCSoftware. Need to manually restart the recovery system. \nAn attacker can exploit this issue to cause the affected application to restart, denying service to legitimate users. Siemens SIMATIC NET PC-Software is a set of software from Siemens, Germany, which supports PLC (programmable logic controller) and personal computer network communication",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "BID",
"id": "92110"
},
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "VULHUB",
"id": "VHN-94694"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5874",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-453276",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-208-02",
"trust": 2.2
},
{
"db": "BID",
"id": "92110",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-05347",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081",
"trust": 0.8
},
{
"db": "IVD",
"id": "5524F002-9108-4173-A9A0-5C2688AC020E",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-94694",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "VULHUB",
"id": "VHN-94694"
},
{
"db": "BID",
"id": "92110"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
}
]
},
"id": "VAR-201607-0463",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "VULHUB",
"id": "VHN-94694"
}
],
"trust": 1.6307692
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
}
]
},
"last_update_date": "2024-11-23T21:54:30.370000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-453276",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-453276.pdf"
},
{
"title": "Siemens SIMATIC NET PCSoftware denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79539"
},
{
"title": "Siemens SIMATIC NET PC-Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63266"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94694"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-453276.pdf"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-208-02"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92110"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5874"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5874"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "VULHUB",
"id": "VHN-94694"
},
{
"db": "BID",
"id": "92110"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "VULHUB",
"id": "VHN-94694"
},
{
"db": "BID",
"id": "92110"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-25T00:00:00",
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"date": "2016-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-94694"
},
{
"date": "2016-07-22T00:00:00",
"db": "BID",
"id": "92110"
},
{
"date": "2016-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-906"
},
{
"date": "2016-07-22T15:59:02.897000",
"db": "NVD",
"id": "CVE-2016-5874"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-94694"
},
{
"date": "2016-07-22T00:00:00",
"db": "BID",
"id": "92110"
},
{
"date": "2016-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-906"
},
{
"date": "2024-11-21T02:55:10.807000",
"db": "NVD",
"id": "CVE-2016-5874"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC NET PCSoftware Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…