Details of VAR-201611-0392

ID

VAR-201611-0392

TITLE

remote overflow vulnerability in siemens 840D

Trust: 0.6

sources: CNVD: CNVD-2016-11363

DESCRIPTION

siemens 840D is a numerical control system of Siemens, which has a wide range of application environments, including: packaging printing industry, such as: food packaging wheel cutting positioning, plastic rubber industry, such as: plastic tableware production line, white goods industry, can be used in fixed power production lines, CNC machine tool industry, suitable for small lathes, milling machines, etc. siemens 840D has a buffer overflow vulnerability. Allowing an attacker to exploit the vulnerability and obtain system administrator permissions, they can perform arbitrary operations on the host computer, such as shutting down, operating configuration software, obtaining configuration software files, and sending arbitrary instructions to the controller

Trust: 0.72

sources: CNVD: CNVD-2016-11363 // IVD: 9f8cc90e-cd3c-436a-bd57-c23dcea0bbcd

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 9f8cc90e-cd3c-436a-bd57-c23dcea0bbcd // CNVD: CNVD-2016-11363

AFFECTED PRODUCTS

vendor:

siemens

model:

840d

scope:

version:

Trust: 0.8

sources: IVD: 9f8cc90e-cd3c-436a-bd57-c23dcea0bbcd // CNVD: CNVD-2016-11363

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-11363
value:	HIGH
Trust: 0.6
IVD:	9f8cc90e-cd3c-436a-bd57-c23dcea0bbcd
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2016-11363
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	9f8cc90e-cd3c-436a-bd57-c23dcea0bbcd
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 9f8cc90e-cd3c-436a-bd57-c23dcea0bbcd // CNVD: CNVD-2016-11363

TYPE

Buffer error

Trust: 0.2

sources: IVD: 9f8cc90e-cd3c-436a-bd57-c23dcea0bbcd

PATCH

title:

siemens 840D Remote Overflow Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/83827

Trust: 0.6

sources: CNVD: CNVD-2016-11363

EXTERNAL IDS

db:	CNVD	id:	CNVD-2016-11363	Trust: 0.8
db:	IVD	id:	9F8CC90E-CD3C-436A-BD57-C23DCEA0BBCD	Trust: 0.2

sources: IVD: 9f8cc90e-cd3c-436a-bd57-c23dcea0bbcd // CNVD: CNVD-2016-11363

SOURCES

db:	IVD	id:	9f8cc90e-cd3c-436a-bd57-c23dcea0bbcd
db:	CNVD	id:	CNVD-2016-11363

LAST UPDATE DATE

2022-05-17T02:02:26.729000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-11363

date:

2016-11-24T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	9f8cc90e-cd3c-436a-bd57-c23dcea0bbcd	date:	2016-11-21T00:00:00
db:	CNVD	id:	CNVD-2016-11363	date:	2016-12-26T00:00:00