Details of VAR-201708-1506

ID

VAR-201708-1506

CVE

CVE-2017-6869

TITLE

Siemens ViewPort for Web Office Portal Remote code execution vulnerability

Trust: 0.8

sources: IVD: 0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d // CNVD: CNVD-2017-12112

DESCRIPTION

A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP. Siemens ViewPort for Web Office Portal Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Web Office Portal provides authorized users to retrieve current data from the Control Center solution Spectrum PowerTM in a read-only manner

Trust: 2.7

sources: NVD: CVE-2017-6869 // JVNDB: JVNDB-2017-007163 // CNVD: CNVD-2017-12112 // BID: 99343 // IVD: 0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d // VULMON: CVE-2017-6869

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d // CNVD: CNVD-2017-12112

AFFECTED PRODUCTS

vendor:	siemens	model:	viewport for web office portal	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	viewport for web office portal	scope:	lt	version:	revision number 1453	Trust: 0.8
vendor:	siemens	model:	viewport for web office portal	scope:	lt	version:	1453	Trust: 0.6
vendor:	siemens	model:	viewport for web office portal	scope:	eq	version:	1452	Trust: 0.3
vendor:	siemens	model:	viewport for web office portal	scope:	ne	version:	1453	Trust: 0.3
vendor:	viewport for web office portal	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d // CNVD: CNVD-2017-12112 // BID: 99343 // JVNDB: JVNDB-2017-007163 // CNNVD: CNNVD-201703-628 // NVD: CVE-2017-6869

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6869
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-6869
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-12112
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201703-628
value:	CRITICAL
Trust: 0.6
IVD:	0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d
value:	CRITICAL
Trust: 0.2
VULMON:	CVE-2017-6869
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6869
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-12112
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-6869
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d // CNVD: CNVD-2017-12112 // VULMON: CVE-2017-6869 // JVNDB: JVNDB-2017-007163 // CNNVD: CNNVD-201703-628 // NVD: CVE-2017-6869

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-287	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2017-007163 // NVD: CVE-2017-6869

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-628

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201703-628

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007163

PATCH

title:	SSA-545214	url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214.pdf	Trust: 0.8
title:	Patch for Siemens ViewPort for Web Office Portal Remote Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/96915	Trust: 0.6
title:	Siemens ViewPort for Web Office Portal Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99681	Trust: 0.6

sources: CNVD: CNVD-2017-12112 // JVNDB: JVNDB-2017-007163 // CNNVD: CNNVD-201703-628

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6869	Trust: 3.6
db:	SIEMENS	id:	SSA-545214	Trust: 2.3
db:	BID	id:	99343	Trust: 2.0
db:	ICS CERT	id:	ICSA-17-180-03	Trust: 1.2
db:	CNVD	id:	CNVD-2017-12112	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-628	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-007163	Trust: 0.8
db:	IVD	id:	0A4ACB9E-A4F9-4E80-AACD-8CA53BBD700D	Trust: 0.2
db:	VULMON	id:	CVE-2017-6869	Trust: 0.1

sources: IVD: 0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d // CNVD: CNVD-2017-12112 // VULMON: CVE-2017-6869 // BID: 99343 // JVNDB: JVNDB-2017-007163 // CNNVD: CNNVD-201703-628 // NVD: CVE-2017-6869

REFERENCES

url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214.pdf	Trust: 2.3
url:	http://www.securityfocus.com/bid/99343	Trust: 1.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-180-03	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6869	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6869	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-12112 // VULMON: CVE-2017-6869 // BID: 99343 // JVNDB: JVNDB-2017-007163 // CNNVD: CNNVD-201703-628 // NVD: CVE-2017-6869

CREDITS

Hannes Trunde from Kapsch BusinessCom AG

Trust: 0.3

sources: BID: 99343

SOURCES

db:	IVD	id:	0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d
db:	CNVD	id:	CNVD-2017-12112
db:	VULMON	id:	CVE-2017-6869
db:	BID	id:	99343
db:	JVNDB	id:	JVNDB-2017-007163
db:	CNNVD	id:	CNNVD-201703-628
db:	NVD	id:	CVE-2017-6869

LAST UPDATE DATE

2025-04-20T23:38:27.943000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-12112	date:	2017-06-30T00:00:00
db:	VULMON	id:	CVE-2017-6869	date:	2019-10-09T00:00:00
db:	BID	id:	99343	date:	2017-06-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-007163	date:	2017-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201703-628	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-6869	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d	date:	2017-06-30T00:00:00
db:	CNVD	id:	CNVD-2017-12112	date:	2017-06-30T00:00:00
db:	VULMON	id:	CVE-2017-6869	date:	2017-08-08T00:00:00
db:	BID	id:	99343	date:	2017-06-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-007163	date:	2017-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201703-628	date:	2017-03-16T00:00:00
db:	NVD	id:	CVE-2017-6869	date:	2017-08-08T00:29:00.180