ID

VAR-201208-0350


CVE

CVE-2012-3020


TITLE

Siemens Synco OZW Unsafe Default Password Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2012-4097 // CNNVD: CNNVD-201208-015

DESCRIPTION

The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session. Siemens Synco OZW equipment is used to remotely operate and monitor building automation equipment. The devices ship with a default administrator password, and installation does not force a password change, so an attacker can use this password to gain control over the application. Siemens Synco OZW is prone to an insecure-default-password vulnerability.

Trust: 2.7

sources: NVD: CVE-2012-3020 // JVNDB: JVNDB-2012-003489 // CNVD: CNVD-2012-4097 // BID: 54771 // IVD: 8fddf6a6-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56301

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 8fddf6a6-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4097

AFFECTED PRODUCTS

vendor: siemens, model: synco ozw web server, scope: eq, version: ozw672.01

Trust: 2.4

vendor: siemens, model: synco ozw web server, scope: eq, version: ozw672.04

Trust: 2.4

vendor: siemens, model: synco ozw web server, scope: eq, version: ozw672.16

Trust: 2.4

vendor: siemens, model: synco ozw web server, scope: eq, version: ozw772.01

Trust: 2.4

vendor: siemens, model: synco ozw web server, scope: eq, version: ozw772.04

Trust: 2.4

vendor: siemens, model: synco ozw web server, scope: eq, version: ozw772.16

Trust: 2.4

vendor: siemens, model: synco ozw web server, scope: eq, version: ozw772.250

Trust: 2.4

vendor: siemens, model: synco ozw web server, scope: eq, version: ozw775

Trust: 2.4

vendor: siemens, model: synco ozw web server, scope: lte, version: 3.0

Trust: 1.0

vendor: siemens, model: synco ozw web server, scope: lt, version: 4

Trust: 0.8

vendor: siemens, model: synco ozw775, scope: -, version: -

Trust: 0.6

vendor: siemens, model: synco ozw672.16, scope: -, version: -

Trust: 0.6

vendor: siemens, model: synco ozw772.16, scope: -, version: -

Trust: 0.6

vendor: siemens, model: synco ozw672.01, scope: -, version: -

Trust: 0.6

vendor: siemens, model: synco ozw772.01, scope: -, version: -

Trust: 0.6

vendor: siemens, model: synco ozw772.04, scope: -, version: -

Trust: 0.6

vendor: siemens, model: synco ozw772.250, scope: -, version: -

Trust: 0.6

vendor: siemens, model: synco ozw672.04, scope: -, version: -

Trust: 0.6

vendor: siemens, model: ozw, scope: eq, version: 775

Trust: 0.3

vendor: siemens, model: ozw, scope: eq, version: 772.250

Trust: 0.3

vendor: siemens, model: ozw, scope: eq, version: 772.16

Trust: 0.3

vendor: siemens, model: ozw, scope: eq, version: 772.04

Trust: 0.3

vendor: siemens, model: ozw, scope: eq, version: 772.01

Trust: 0.3

vendor: siemens, model: ozw, scope: eq, version: 672.16

Trust: 0.3

vendor: siemens, model: ozw, scope: eq, version: 672.04

Trust: 0.3

vendor: siemens, model: ozw, scope: eq, version: 672.01

Trust: 0.3

vendor: siemens, model: synco ozw web server ozw672.01, scope: -, version: -

Trust: 0.2

vendor: siemens, model: synco ozw web server ozw772.04, scope: -, version: -

Trust: 0.2

vendor: siemens, model: synco ozw web server ozw775, scope: -, version: -

Trust: 0.2

vendor: siemens, model: synco ozw web server ozw672.04, scope: -, version: -

Trust: 0.2

vendor: siemens, model: synco ozw web server, scope: eq, version: 3.0

Trust: 0.2

vendor: siemens, model: synco ozw web server ozw772.250, scope: -, version: -

Trust: 0.2

vendor: siemens, model: synco ozw web server ozw772.01, scope: -, version: -

Trust: 0.2

vendor: siemens, model: synco ozw web server ozw772.16, scope: -, version: -

Trust: 0.2

vendor: siemens, model: synco ozw web server ozw672.16, scope: -, version: -

Trust: 0.2

vendor: siemens, model: ozw775 ozw672.01 ozw672.04 ozw672.16 ozw772.01 ozw772.04 ozw772.16 ozw772.250 none, scope: -, version: -

Trust: 0.2

sources: IVD: 8fddf6a6-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4097 // BID: 54771 // JVNDB: JVNDB-2012-003489 // CNNVD: CNNVD-201208-015 // NVD: CVE-2012-3020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3020
value: HIGH

Trust: 1.0

NVD: CVE-2012-3020
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201208-015
value: HIGH

Trust: 0.6

IVD: 8fddf6a6-2353-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-56301
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-3020
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 8fddf6a6-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-56301
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 8fddf6a6-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56301 // JVNDB: JVNDB-2012-003489 // CNNVD: CNNVD-201208-015 // NVD: CVE-2012-3020

PROBLEMTYPE DATA

problemtype: CWE-255

Trust: 1.9

sources: VULHUB: VHN-56301 // JVNDB: JVNDB-2012-003489 // NVD: CVE-2012-3020

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-015

TYPE

Trust management

Trust: 0.8

sources: IVD: 8fddf6a6-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201208-015

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003489

PATCH

title: Central communication units, url: http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=41929231&subtype=130000&caller=view

Trust: 0.8

title: Top Page, url: http://www.siemens.com/

Trust: 0.8

title: Siemens Solution Partner, url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Siemens Japan K.K., url: http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title: Siemens Synco OZW Unsafe Default Password Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/19514

Trust: 0.6

sources: CNVD: CNVD-2012-4097 // JVNDB: JVNDB-2012-003489

EXTERNAL IDS

db: NVD, id: CVE-2012-3020

Trust: 3.6

db: ICS CERT, id: ICSA-12-214-01

Trust: 3.4

db: CNNVD, id: CNNVD-201208-015

Trust: 0.9

db: CNVD, id: CNVD-2012-4097

Trust: 0.8

db: JVNDB, id: JVNDB-2012-003489

Trust: 0.8

db: BID, id: 54771

Trust: 0.4

db: IVD, id: 8FDDF6A6-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-56301

Trust: 0.1

sources: IVD: 8fddf6a6-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4097 // VULHUB: VHN-56301 // BID: 54771 // JVNDB: JVNDB-2012-003489 // CNNVD: CNNVD-201208-015 // NVD: CVE-2012-3020

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-214-01.pdf

Trust: 3.4

url:http://support.automation.siemens.com/ww/view/en/41929231/130000

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3020

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3020

Trust: 0.8

url:http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=en&objid=41929231&subtype=130000&caller=view

Trust: 0.3

url:http://subscriber.communications.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2012-4097 // VULHUB: VHN-56301 // BID: 54771 // JVNDB: JVNDB-2012-003489 // CNNVD: CNNVD-201208-015 // NVD: CVE-2012-3020

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 54771

SOURCES

db: IVD, id: 8fddf6a6-2353-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-4097
db: VULHUB, id: VHN-56301
db: BID, id: 54771
db: JVNDB, id: JVNDB-2012-003489
db: CNNVD, id: CNNVD-201208-015
db: NVD, id: CVE-2012-3020

LAST UPDATE DATE

2025-04-11T23:19:34.368000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-4097, date: 2012-08-07T00:00:00
db: VULHUB, id: VHN-56301, date: 2012-08-07T00:00:00
db: BID, id: 54771, date: 2012-08-01T00:00:00
db: JVNDB, id: JVNDB-2012-003489, date: 2012-08-09T00:00:00
db: CNNVD, id: CNNVD-201208-015, date: 2012-08-08T00:00:00
db: NVD, id: CVE-2012-3020, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: 8fddf6a6-2353-11e6-abef-000c29c66e3d, date: 2012-08-07T00:00:00
db: CNVD, id: CNVD-2012-4097, date: 2012-08-07T00:00:00
db: VULHUB, id: VHN-56301, date: 2012-08-06T00:00:00
db: BID, id: 54771, date: 2012-08-01T00:00:00
db: JVNDB, id: JVNDB-2012-003489, date: 2012-08-09T00:00:00
db: CNNVD, id: CNNVD-201208-015, date: 2012-08-08T00:00:00
db: NVD, id: CVE-2012-3020, date: 2012-08-06T16:55:04.917