Details of VAR-201702-0669

ID

VAR-201702-0669

CVE

CVE-2017-2684

TITLE

Siemens SIMATIC Logon Vulnerabilities that bypass application-level authentication

Trust: 0.8

sources: JVNDB: JVNDB-2017-002227

DESCRIPTION

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. SIMATIC WinCC, SIMATIC PCS 7, SIMATIC PDM and SIMATIC IT are all industrial automation products from Siemens AG. There is a certification bypass vulnerability in SIEMENS SIMATIC Logon. An attacker could exploit the vulnerability to bypass authentication mechanisms and perform unauthorized operations. This may aid in further attacks. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security vulnerability exists in versions prior to SIMATIC Logon 1.5 SP3 Update 2 in several Siemens SIMATIC products. The following products and versions are affected: Siemens SIMATIC WinCC Version 7.x; SIMATIC WinCC Runtime Professional; SIMATIC PCS 7; SIMATIC PDM; SIMATIC IT

Trust: 2.7

sources: NVD: CVE-2017-2684 // JVNDB: JVNDB-2017-002227 // CNVD: CNVD-2017-01343 // BID: 96208 // IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945 // VULHUB: VHN-110887

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945 // CNVD: CNVD-2017-01343

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic logon	scope:	lte	version:	1.5	Trust: 1.0
vendor:	siemens	model:	simatic logon	scope:	lt	version:	1.5 sp3 update 2	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	7	Trust: 0.6
vendor:	siemens	model:	simatic pdm	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic it	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic logon	scope:	eq	version:	1.5	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.41	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.4	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.32	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.310	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.31	Trust: 0.3
vendor:	siemens	model:	simatic wincc upd4	scope:	eq	version:	7.3	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.3	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.29	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.28	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.21	Trust: 0.3
vendor:	siemens	model:	simatic wincc upd4	scope:	eq	version:	7.2	Trust: 0.3
vendor:	siemens	model:	simatic wincc upd11	scope:	eq	version:	7.2	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.2	Trust: 0.3
vendor:	siemens	model:	simatic wincc sp3 upd	scope:	eq	version:	7.08	Trust: 0.3
vendor:	siemens	model:	simatic wincc sp3	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc sp2 upd	scope:	eq	version:	7.012	Trust: 0.3
vendor:	siemens	model:	simatic wincc sp2	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc sp	scope:	eq	version:	7.03	Trust: 0.3
vendor:	siemens	model:	simatic wincc sp	scope:	eq	version:	7.02	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic pdm	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	78.2	Trust: 0.3
vendor:	siemens	model:	simatic pcs sp1	scope:	eq	version:	78.1	Trust: 0.3
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	78.1	Trust: 0.3
vendor:	siemens	model:	simatic pcs sp1	scope:	eq	version:	78.0	Trust: 0.3
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	78.0	Trust: 0.3
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	78	Trust: 0.3
vendor:	siemens	model:	simatic pcs sp4	scope:	eq	version:	77.1	Trust: 0.3
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	77.1	Trust: 0.3
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	77	Trust: 0.3
vendor:	siemens	model:	simatic logon	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic it	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic logon sp3 update	scope:	ne	version:	1.52	Trust: 0.3
vendor:	simatic logon	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945 // CNVD: CNVD-2017-01343 // BID: 96208 // JVNDB: JVNDB-2017-002227 // NVD: CVE-2017-2684 // CNNVD: CNNVD-201702-612

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2017-2684
value:	CRITICAL
Trust: 1.8
CNVD:	CNVD-2017-01343
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201702-612
value:	CRITICAL
Trust: 0.6
IVD:	9bc72032-e004-41ac-bce6-0e6ff85b8945
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-110887
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2017-2684
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2017-01343
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	9bc72032-e004-41ac-bce6-0e6ff85b8945
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-110887
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2017-2684
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945 // CNVD: CNVD-2017-01343 // VULHUB: VHN-110887 // JVNDB: JVNDB-2017-002227 // NVD: CVE-2017-2684 // CNNVD: CNNVD-201702-612

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-110887 // JVNDB: JVNDB-2017-002227 // NVD: CVE-2017-2684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-612

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-612

CONFIGURATIONS

sources: NVD: CVE-2017-2684

PATCH

title:	SSA-931064	url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf	Trust: 0.8
title:	Patch for SIEMENS SIMATIC Logon Certification Bypass Vulnerability	url:	https://www.cnvd.org.cn/patchinfo/show/176385	Trust: 0.6
title:	Multiple Siemens SIMATIC Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68203	Trust: 0.6

sources: CNVD: CNVD-2017-01343 // JVNDB: JVNDB-2017-002227 // CNNVD: CNNVD-201702-612

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2684	Trust: 3.6
db:	SIEMENS	id:	SSA-931064	Trust: 2.3
db:	BID	id:	96208	Trust: 2.0
db:	ICS CERT	id:	ICSA-17-045-03	Trust: 1.1
db:	CNNVD	id:	CNNVD-201702-612	Trust: 0.9
db:	CNVD	id:	CNVD-2017-01343	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-002227	Trust: 0.8
db:	IVD	id:	9BC72032-E004-41AC-BCE6-0E6FF85B8945	Trust: 0.2
db:	VULHUB	id:	VHN-110887	Trust: 0.1

sources: IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945 // CNVD: CNVD-2017-01343 // VULHUB: VHN-110887 // BID: 96208 // JVNDB: JVNDB-2017-002227 // NVD: CVE-2017-2684 // CNNVD: CNNVD-201702-612

REFERENCES

url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf	Trust: 2.3
url:	http://www.securityfocus.com/bid/96208	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-045-03	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2684	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2684	Trust: 0.8
url:	http://www.siemens.com/cert/en/cert-security-advisories.htm	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2017-01343 // VULHUB: VHN-110887 // BID: 96208 // JVNDB: JVNDB-2017-002227 // NVD: CVE-2017-2684 // CNNVD: CNNVD-201702-612

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 96208

SOURCES

db:	IVD	id:	9bc72032-e004-41ac-bce6-0e6ff85b8945
db:	CNVD	id:	CNVD-2017-01343
db:	VULHUB	id:	VHN-110887
db:	BID	id:	96208
db:	JVNDB	id:	JVNDB-2017-002227
db:	NVD	id:	CVE-2017-2684
db:	CNNVD	id:	CNNVD-201702-612

LAST UPDATE DATE

2023-12-18T13:57:27.176000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-01343	date:	2019-08-22T00:00:00
db:	VULHUB	id:	VHN-110887	date:	2019-10-09T00:00:00
db:	BID	id:	96208	date:	2017-03-07T04:02:00
db:	JVNDB	id:	JVNDB-2017-002227	date:	2017-09-11T00:00:00
db:	NVD	id:	CVE-2017-2684	date:	2019-10-09T23:27:06.587
db:	CNNVD	id:	CNNVD-201702-612	date:	2019-10-17T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	9bc72032-e004-41ac-bce6-0e6ff85b8945	date:	2017-02-14T00:00:00
db:	CNVD	id:	CNVD-2017-01343	date:	2017-02-14T00:00:00
db:	VULHUB	id:	VHN-110887	date:	2017-02-22T00:00:00
db:	BID	id:	96208	date:	2017-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-002227	date:	2017-04-05T00:00:00
db:	NVD	id:	CVE-2017-2684	date:	2017-02-22T02:59:00.153
db:	CNNVD	id:	CNNVD-201702-612	date:	2017-02-20T00:00:00