ID

VAR-201512-0568


TITLE

Siemens APOGEE Insight Database Conversion Tool DLL Hijacking vulnerability

Trust: 0.8

sources: IVD: cc2c5646-1e50-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07953

DESCRIPTION

Insight is the monitoring configuration software used in the Siemens building automation system APOGEE. The Siemens APOGEE Insight Database Conversion Tool contains a DLL hijacking vulnerability. Because Convert.exe, the program of Insight's Database Conversion component, loads a library file (atlas.dll) unsafely, an attacker can construct a malicious application and place it in a specific path, causing the application to load and execute the malicious DLL.

Trust: 0.72

sources: CNVD: CNVD-2015-07953 // IVD: cc2c5646-1e50-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: cc2c5646-1e50-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07953

AFFECTED PRODUCTS

vendor: siemens, model: apogee insight, scope: eq, version: 3.13

Trust: 0.8

vendor: siemens, model: apogee insight, scope: eq, version: 3.12

Trust: 0.6

vendor: siemens, model: apogee insight, scope: eq, version: 3.12*

Trust: 0.2

sources: IVD: cc2c5646-1e50-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07953

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2015-07953
value: MEDIUM

Trust: 0.6

IVD: cc2c5646-1e50-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2015-07953
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:H/AU:N/C:C/I:N/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: cc2c5646-1e50-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:H/AU:N/C:C/I:N/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: cc2c5646-1e50-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07953

TYPE

Permission and access control

Trust: 0.2

sources: IVD: cc2c5646-1e50-11e6-abef-000c29c66e3d

PATCH

title: Siemens APOGEE Insight Database Conversion Tool DLL Hijacking Vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/72989

Trust: 0.6

sources: CNVD: CNVD-2015-07953

EXTERNAL IDS

db: CNVD, id: CNVD-2015-07953

Trust: 0.8

db: IVD, id: CC2C5646-1E50-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: cc2c5646-1e50-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07953

SOURCES

db: IVD, id: cc2c5646-1e50-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-07953

LAST UPDATE DATE

2022-05-17T02:05:52.690000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-07953, date: 2017-01-22T00:00:00

SOURCES RELEASE DATE

db: IVD, id: cc2c5646-1e50-11e6-abef-000c29c66e3d, date: 2015-12-08T00:00:00
db: CNVD, id: CNVD-2015-07953, date: 2015-12-25T00:00:00