Details of VAR-201507-0047

ID

VAR-201507-0047

CVE

CVE-2015-5386

TITLE

Siemens SICAM MIC Authentication Bypass Vulnerability

Trust: 0.8

sources: IVD: 822c9e88-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-04832

DESCRIPTION

Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests. Siemens SICAM MIC is an energy automation modular remote control unit belonging to the SICAM RTU product family. Siemens SICAM MIC is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Versions prior to Siemens SICAM MIC 2404 are vulnerable. The equipment is mainly used in the energy industry

Trust: 2.7

sources: NVD: CVE-2015-5386 // JVNDB: JVNDB-2015-003846 // CNVD: CNVD-2015-04832 // BID: 75904 // IVD: 822c9e88-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-83347

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 822c9e88-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-04832

AFFECTED PRODUCTS

vendor:	siemens	model:	sicam mic	scope:	lte	version:	2403	Trust: 1.0
vendor:	siemens	model:	sicam mic	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	sicam mic	scope:	lt	version:	v2404	Trust: 0.8
vendor:	siemens	model:	sicam mic	scope:	lt	version:	2404	Trust: 0.6
vendor:	siemens	model:	sicam mic	scope:	eq	version:	2403	Trust: 0.6
vendor:	siemens	model:	sicam mic	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	sicam mic	scope:	ne	version:	2404	Trust: 0.3
vendor:	sicam mic	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 822c9e88-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-04832 // BID: 75904 // JVNDB: JVNDB-2015-003846 // CNNVD: CNNVD-201507-636 // NVD: CVE-2015-5386

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5386
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-5386
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-04832
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201507-636
value:	CRITICAL
Trust: 0.6
IVD:	822c9e88-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-83347
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-5386
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04832
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	822c9e88-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-83347
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 822c9e88-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-04832 // VULHUB: VHN-83347 // JVNDB: JVNDB-2015-003846 // CNNVD: CNNVD-201507-636 // NVD: CVE-2015-5386

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-83347 // JVNDB: JVNDB-2015-003846 // NVD: CVE-2015-5386

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-636

TYPE

Input validation

Trust: 0.8

sources: IVD: 822c9e88-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201507-636

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003846

PATCH

title:	SSA-632547	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-632547.pdf	Trust: 0.8
title:	Siemens SICAM MIC authentication bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/61281	Trust: 0.6

sources: CNVD: CNVD-2015-04832 // JVNDB: JVNDB-2015-003846

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5386	Trust: 3.6
db:	ICS CERT	id:	ICSA-15-195-01	Trust: 2.8
db:	SIEMENS	id:	SSA-632547	Trust: 2.0
db:	BID	id:	75904	Trust: 1.0
db:	CNNVD	id:	CNNVD-201507-636	Trust: 0.9
db:	CNVD	id:	CNVD-2015-04832	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-003846	Trust: 0.8
db:	IVD	id:	822C9E88-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-83347	Trust: 0.1

sources: IVD: 822c9e88-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-04832 // VULHUB: VHN-83347 // BID: 75904 // JVNDB: JVNDB-2015-003846 // CNNVD: CNNVD-201507-636 // NVD: CVE-2015-5386

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-195-01	Trust: 2.8
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-632547.pdf	Trust: 2.0
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5386	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5386	Trust: 0.8
url:	http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/remote-terminal-units/pages/sicam-mic.aspx	Trust: 0.3

sources: CNVD: CNVD-2015-04832 // VULHUB: VHN-83347 // BID: 75904 // JVNDB: JVNDB-2015-003846 // CNNVD: CNNVD-201507-636 // NVD: CVE-2015-5386

CREDITS

Philippe Oechslin from Objectif Sécurité

Trust: 0.3

sources: BID: 75904

SOURCES

db:	IVD	id:	822c9e88-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-04832
db:	VULHUB	id:	VHN-83347
db:	BID	id:	75904
db:	JVNDB	id:	JVNDB-2015-003846
db:	CNNVD	id:	CNNVD-201507-636
db:	NVD	id:	CVE-2015-5386

LAST UPDATE DATE

2025-04-13T23:36:27.423000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04832	date:	2015-07-27T00:00:00
db:	VULHUB	id:	VHN-83347	date:	2015-07-17T00:00:00
db:	BID	id:	75904	date:	2015-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-003846	date:	2015-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201507-636	date:	2015-07-27T00:00:00
db:	NVD	id:	CVE-2015-5386	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	822c9e88-2351-11e6-abef-000c29c66e3d	date:	2015-07-27T00:00:00
db:	CNVD	id:	CNVD-2015-04832	date:	2015-07-27T00:00:00
db:	VULHUB	id:	VHN-83347	date:	2015-07-16T00:00:00
db:	BID	id:	75904	date:	2015-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-003846	date:	2015-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201507-636	date:	2015-07-17T00:00:00
db:	NVD	id:	CVE-2015-5386	date:	2015-07-16T19:59:04.660