ID

VAR-201910-1749


TITLE

Integer overflow vulnerability in sacommoncontrols.dll control of Siemens SIMATIC STEP 7

Trust: 0.6

sources: CNVD: CNVD-2019-36479

DESCRIPTION

Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers from Siemens (Germany). The software provides PLC programming, design option packages and advanced driver technology. An integer overflow vulnerability exists in the sacommoncontrols.dll control of Siemens SIMATIC STEP 7. An attacker could exploit the vulnerability to cause an integer overflow.

Trust: 0.72

sources: CNVD: CNVD-2019-36479 // IVD: 10e6fcba-992e-4018-82a6-168e6c6436e4

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: 10e6fcba-992e-4018-82a6-168e6c6436e4 // CNVD: CNVD-2019-36479

AFFECTED PRODUCTS

vendor: siemens
model: simatic step
scope: eq
version: 7

Trust: 0.8

sources: IVD: 10e6fcba-992e-4018-82a6-168e6c6436e4 // CNVD: CNVD-2019-36479

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-36479
value: HIGH

Trust: 0.6

IVD: 10e6fcba-992e-4018-82a6-168e6c6436e4
value: HIGH

Trust: 0.2

CNVD: CNVD-2019-36479
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 10e6fcba-992e-4018-82a6-168e6c6436e4
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 10e6fcba-992e-4018-82a6-168e6c6436e4 // CNVD: CNVD-2019-36479

TYPE

Buffer error

Trust: 0.2

sources: IVD: 10e6fcba-992e-4018-82a6-168e6c6436e4

PATCH

title: Binary vulnerability in sacommoncontrols.dll control ResizeGrid function of SIMATIC STEP 7
url: https://www.cnvd.org.cn/patchinfo/show/180623

Trust: 0.6

sources: CNVD: CNVD-2019-36479

EXTERNAL IDS

db: CNVD, id: CNVD-2019-36479

Trust: 0.8

db: IVD, id: 10E6FCBA-992E-4018-82A6-168E6C6436E4

Trust: 0.2

sources: IVD: 10e6fcba-992e-4018-82a6-168e6c6436e4 // CNVD: CNVD-2019-36479

SOURCES

db: IVD, id: 10e6fcba-992e-4018-82a6-168e6c6436e4
db: CNVD, id: CNVD-2019-36479

LAST UPDATE DATE

2022-05-17T01:50:53.227000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-36479, date: 2020-01-23T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 10e6fcba-992e-4018-82a6-168e6c6436e4, date: 2019-10-22T00:00:00
db: CNVD, id: CNVD-2019-36479, date: 2019-10-31T00:00:00