Sign-up

ID

VAR-201809-0290


CVE

CVE-2018-13806


TITLE

Siemens TD Keypad Designer DLL Hijacking vulnerability

Trust: 0.8

sources: IVD: ba63c8d0-ec8f-4076-8c51-fbfa5407409c // CNVD: CNVD-2020-02200

DESCRIPTION

A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known. SIEMENS TD Keypad Designer Contains an uncontrolled search path element vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state

Trust: 2.61

sources: NVD: CVE-2018-13806 // JVNDB: JVNDB-2018-010723 // CNVD: CNVD-2020-02200 // BID: 108564 // IVD: ba63c8d0-ec8f-4076-8c51-fbfa5407409c

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ba63c8d0-ec8f-4076-8c51-fbfa5407409c // CNVD: CNVD-2020-02200

AFFECTED PRODUCTS

vendor:siemensmodel:td keypad designerscope: - version: -

Trust: 2.0

vendor:siemensmodel:td keypad designerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:td keypad designerscope:eqversion:0

Trust: 0.3

vendor:td keypad designermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: ba63c8d0-ec8f-4076-8c51-fbfa5407409c // CNVD: CNVD-2020-02200 // BID: 108564 // JVNDB: JVNDB-2018-010723 // CNNVD: CNNVD-201809-574 // NVD: CVE-2018-13806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13806
value: HIGH

Trust: 1.0

NVD: CVE-2018-13806
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-02200
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-574
value: HIGH

Trust: 0.6

IVD: ba63c8d0-ec8f-4076-8c51-fbfa5407409c
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-13806
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02200
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ba63c8d0-ec8f-4076-8c51-fbfa5407409c
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-13806
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: ba63c8d0-ec8f-4076-8c51-fbfa5407409c // CNVD: CNVD-2020-02200 // JVNDB: JVNDB-2018-010723 // CNNVD: CNNVD-201809-574 // NVD: CVE-2018-13806

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.8

sources: JVNDB: JVNDB-2018-010723 // NVD: CVE-2018-13806

THREAT TYPE

local

Trust: 0.9

sources: BID: 108564 // CNNVD: CNNVD-201809-574

TYPE

Code problem

Trust: 0.8

sources: IVD: ba63c8d0-ec8f-4076-8c51-fbfa5407409c // CNNVD: CNNVD-201809-574

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010723

PATCH
title:SSA-198330url:https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdf
Trust: 0.8
title:Patch for Siemens TD Keypad Designer DLL Hijacking Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/197069
Trust: 0.6
title:Siemens TD Keypad Designer Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84841
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02200 // 
            
            
            
            JVNDB: JVNDB-2018-010723 // 
            
            
            
            CNNVD: CNNVD-201809-574

EXTERNAL IDS
db:NVDid:CVE-2018-13806
Trust: 3.5
db:SIEMENSid:SSA-198330
Trust: 1.6
db:ICS CERTid:ICSA-18-254-03
Trust: 1.1
db:CNVDid:CNVD-2020-02200
Trust: 0.8
db:CNNVDid:CNNVD-201809-574
Trust: 0.8
db:JVNDBid:JVNDB-2018-010723
Trust: 0.8
db:BIDid:108564
Trust: 0.3
db:IVDid:BA63C8D0-EC8F-4076-8C51-FBFA5407409C
Trust: 0.2
sources:
            
            
            IVD: ba63c8d0-ec8f-4076-8c51-fbfa5407409c // 
            
            
            
            CNVD: CNVD-2020-02200 // 
            
            
            
            BID: 108564 // 
            
            
            
            JVNDB: JVNDB-2018-010723 // 
            
            
            
            CNNVD: CNNVD-201809-574 // 
            
            
            
            NVD: CVE-2018-13806

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdf
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-13806
Trust: 1.4
url:https://ics-cert.us-cert.gov/advisories/icsa-18-254-03
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13806
Trust: 0.8
url:http://www.siemens.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2020-02200 // 
            
            
            
            BID: 108564 // 
            
            
            
            JVNDB: JVNDB-2018-010723 // 
            
            
            
            CNNVD: CNNVD-201809-574 // 
            
            
            
            NVD: CVE-2018-13806

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 108564

SOURCES
db:IVDid:ba63c8d0-ec8f-4076-8c51-fbfa5407409c
db:CNVDid:CNVD-2020-02200
db:BIDid:108564
db:JVNDBid:JVNDB-2018-010723
db:CNNVDid:CNNVD-201809-574
db:NVDid:CVE-2018-13806

LAST UPDATE DATE
2024-11-23T22:34:07.741000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-02200date:2020-01-14T00:00:00
db:BIDid:108564date:2018-09-11T00:00:00
db:JVNDBid:JVNDB-2018-010723date:2019-01-08T00:00:00
db:CNNVDid:CNNVD-201809-574date:2019-10-17T00:00:00
db:NVDid:CVE-2018-13806date:2024-11-21T03:48:06.123

SOURCES RELEASE DATE
db:IVDid:ba63c8d0-ec8f-4076-8c51-fbfa5407409cdate:2020-01-14T00:00:00
db:CNVDid:CNVD-2020-02200date:2020-01-14T00:00:00
db:BIDid:108564date:2018-09-11T00:00:00
db:JVNDBid:JVNDB-2018-010723date:2018-12-20T00:00:00
db:CNNVDid:CNNVD-201809-574date:2018-09-13T00:00:00
db:NVDid:CVE-2018-13806date:2018-09-12T13:29:01.047