Sign-up

ID

VAR-201603-0115


CVE

CVE-2016-3155


TITLE

Siemens APOGEE Insight Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: 5befc9de-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01759

DESCRIPTION

Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors. Siemens APOGEE Insight is a building automation control system from Siemens AG, Germany. Information obtained may aid in other attacks

Trust: 2.7

sources: NVD: CVE-2016-3155 // JVNDB: JVNDB-2016-001832 // CNVD: CNVD-2016-01759 // BID: 84839 // IVD: 5befc9de-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-91974

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 5befc9de-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01759

AFFECTED PRODUCTS

vendor:siemensmodel:apogee insightscope:eqversion: -

Trust: 1.6

vendor:siemensmodel:apogee insightscope: - version: -

Trust: 1.4

vendor:apogee insightmodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 5befc9de-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01759 // JVNDB: JVNDB-2016-001832 // CNNVD: CNNVD-201603-277 // NVD: CVE-2016-3155

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-3155
value: LOW

Trust: 1.0

NVD: CVE-2016-3155
value: LOW

Trust: 0.8

CNVD: CNVD-2016-01759
value: LOW

Trust: 0.6

CNNVD: CNNVD-201603-277
value: LOW

Trust: 0.6

IVD: 5befc9de-2351-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-91974
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-3155
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-01759
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5befc9de-2351-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-91974
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-3155
baseSeverity: LOW
baseScore: 3.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 2.5
version: 3.0

Trust: 1.0

sources: IVD: 5befc9de-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01759 // VULHUB: VHN-91974 // JVNDB: JVNDB-2016-001832 // CNNVD: CNNVD-201603-277 // NVD: CVE-2016-3155

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-91974 // JVNDB: JVNDB-2016-001832 // NVD: CVE-2016-3155

THREAT TYPE

local

Trust: 0.9

sources: BID: 84839 // CNNVD: CNNVD-201603-277

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201603-277

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001832

PATCH
title:SSA-151221url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-151221.pdf
Trust: 0.8
title:Patch for Siemens APOGEE Insight Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/73055
Trust: 0.6
title:Siemens APOGEE Insight Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60617
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-01759 // 
            
            
            
            JVNDB: JVNDB-2016-001832 // 
            
            
            
            CNNVD: CNNVD-201603-277

EXTERNAL IDS
db:NVDid:CVE-2016-3155
Trust: 3.6
db:SIEMENSid:SSA-151221
Trust: 2.3
db:ICS CERTid:ICSA-16-082-01
Trust: 1.9
db:CNNVDid:CNNVD-201603-277
Trust: 0.9
db:CNVDid:CNVD-2016-01759
Trust: 0.8
db:JVNDBid:JVNDB-2016-001832
Trust: 0.8
db:BIDid:84839
Trust: 0.4
db:IVDid:5BEFC9DE-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-91974
Trust: 0.1
sources:
            
            
            IVD: 5befc9de-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2016-01759 // 
            
            
            
            VULHUB: VHN-91974 // 
            
            
            
            BID: 84839 // 
            
            
            
            JVNDB: JVNDB-2016-001832 // 
            
            
            
            CNNVD: CNNVD-201603-277 // 
            
            
            
            NVD: CVE-2016-3155

REFERENCES
url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-151221.pdf
Trust: 2.3
url:https://ics-cert.us-cert.gov/advisories/icsa-16-082-01
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3155
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3155
Trust: 0.8
url:http://subscriber.communications.siemens.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-01759 // 
            
            
            
            VULHUB: VHN-91974 // 
            
            
            
            BID: 84839 // 
            
            
            
            JVNDB: JVNDB-2016-001832 // 
            
            
            
            CNNVD: CNNVD-201603-277 // 
            
            
            
            NVD: CVE-2016-3155

CREDITS
Network & Information Security Ltd. Company, China Electronic Corporation and HuNan Quality Inspection Institute
Trust: 0.3
sources:
            
            
            BID: 84839

SOURCES
db:IVDid:5befc9de-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2016-01759
db:VULHUBid:VHN-91974
db:BIDid:84839
db:JVNDBid:JVNDB-2016-001832
db:CNNVDid:CNNVD-201603-277
db:NVDid:CVE-2016-3155

LAST UPDATE DATE
2025-04-13T23:25:10.469000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-01759date:2016-03-22T00:00:00
db:VULHUBid:VHN-91974date:2016-12-03T00:00:00
db:BIDid:84839date:2016-07-05T21:57:00
db:JVNDBid:JVNDB-2016-001832date:2016-03-23T00:00:00
db:CNNVDid:CNNVD-201603-277date:2016-03-21T00:00:00
db:NVDid:CVE-2016-3155date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:5befc9de-2351-11e6-abef-000c29c66e3ddate:2016-03-22T00:00:00
db:CNVDid:CNVD-2016-01759date:2016-03-22T00:00:00
db:VULHUBid:VHN-91974date:2016-03-18T00:00:00
db:BIDid:84839date:2016-03-18T00:00:00
db:JVNDBid:JVNDB-2016-001832date:2016-03-23T00:00:00
db:CNNVDid:CNNVD-201603-277date:2016-03-21T00:00:00
db:NVDid:CVE-2016-3155date:2016-03-18T14:59:05.657