Details of VAR-201301-0550

ID

VAR-201301-0550

TITLE

SIEMENS SIMATIC S7 PLC System Password Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2013-00453 // CNNVD: CNNVD-201301-382

DESCRIPTION

Siemens SIMATIC is an automation software in a single engineering environment. The challenge-response protocol used by SIEMENS SIMATIC S7 PLC for online verification has security vulnerabilities that allow attackers in border networks to intercept TCP/IP communications and then obtain challenge-response data from files for password brute force hacking. Siemens SIMATIC S7 Programmable Logic Controllers (PLC) systems are prone to a password-disclosure vulnerability. Attackers can exploit this issue to obtain device password credentials. This may aid in further attacks

Trust: 0.99

sources: CNVD: CNVD-2013-00453 // BID: 57439 // IVD: 5f8d725e-1f3b-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 5f8d725e-1f3b-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00453

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7 plc	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7 plc systems	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic s7 plc null	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 5f8d725e-1f3b-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00453 // BID: 57439

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	5f8d725e-1f3b-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

IVD:	5f8d725e-1f3b-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: 5f8d725e-1f3b-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-382

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201301-382

EXTERNAL IDS

db:	BID	id:	57439	Trust: 1.5
db:	ICS CERT ALERT	id:	ICS-ALERT-13-016-02	Trust: 0.9
db:	CNVD	id:	CNVD-2013-00453	Trust: 0.8
db:	CNNVD	id:	CNNVD-201301-382	Trust: 0.6
db:	IVD	id:	5F8D725E-1F3B-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 5f8d725e-1f3b-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00453 // BID: 57439 // CNNVD: CNNVD-201301-382

REFERENCES

url:	https://ics-cert.us-cert.gov/alerts/ics-alert-13-016-02	Trust: 0.6
url:	http://www.securityfocus.com/bid/57439	Trust: 0.6
url:	http://subscriber.communications.siemens.com/	Trust: 0.3
url:	http://www.automation.siemens.com/mcms/programmable-logic-controller/en/simatic-s7-controller/pages/default.aspx	Trust: 0.3
url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-13-016-02.pdf	Trust: 0.3

sources: CNVD: CNVD-2013-00453 // BID: 57439 // CNNVD: CNNVD-201301-382

CREDITS

Alexander Timorin and Dmitry Sklyarov

Trust: 0.9

sources: BID: 57439 // CNNVD: CNNVD-201301-382

SOURCES

db:	IVD	id:	5f8d725e-1f3b-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-00453
db:	BID	id:	57439
db:	CNNVD	id:	CNNVD-201301-382

LAST UPDATE DATE

2022-05-17T02:10:40.773000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-00453	date:	2016-09-13T00:00:00
db:	BID	id:	57439	date:	2013-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201301-382	date:	2013-01-21T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	5f8d725e-1f3b-11e6-abef-000c29c66e3d	date:	2013-01-23T00:00:00
db:	CNVD	id:	CNVD-2013-00453	date:	2013-01-23T00:00:00
db:	BID	id:	57439	date:	2013-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201301-382	date:	2013-01-21T00:00:00