Details of VAR-201911-1781

ID

VAR-201911-1781

TITLE

Authentication Bypass Vulnerability in SIEMENS SIMATIC S7-200 Smart PLC

Trust: 0.6

sources: CNVD: CNVD-2019-40162

DESCRIPTION

Siemens is a leading global technology company. With innovations in the areas of electrification, automation and digitalization, Siemens provides solutions for customers in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software. SIEMENS SIMATIC S7-200 Smart PLC has an authentication bypass vulnerability. An attacker can bypass the identity authentication by falsifying data to arbitrarily alter the value of the PLC register

Trust: 0.72

sources: CNVD: CNVD-2019-40162 // IVD: 9f70822b-8ca6-4b55-941a-5a0cc46124b5

IOT TAXONOMY

category:	['IoT', 'ICS']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 9f70822b-8ca6-4b55-941a-5a0cc46124b5 // CNVD: CNVD-2019-40162

AFFECTED PRODUCTS

vendor:	siemens	model:	s7-200 smart plc	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	s7-200 smart plc	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 9f70822b-8ca6-4b55-941a-5a0cc46124b5 // CNVD: CNVD-2019-40162

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-40162
value:	MEDIUM
Trust: 0.6
IVD:	9f70822b-8ca6-4b55-941a-5a0cc46124b5
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2019-40162
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	9f70822b-8ca6-4b55-941a-5a0cc46124b5
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 9f70822b-8ca6-4b55-941a-5a0cc46124b5 // CNVD: CNVD-2019-40162

TYPE

Access verification error

Trust: 0.2

sources: IVD: 9f70822b-8ca6-4b55-941a-5a0cc46124b5

PATCH

title:

Authentication Bypass Vulnerability in SIEMENS SIMATIC S7-200 Smart PLC

url:

https://www.cnvd.org.cn/patchinfo/show/183799

Trust: 0.6

sources: CNVD: CNVD-2019-40162

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-40162	Trust: 0.8
db:	IVD	id:	9F70822B-8CA6-4B55-941A-5A0CC46124B5	Trust: 0.2

sources: IVD: 9f70822b-8ca6-4b55-941a-5a0cc46124b5 // CNVD: CNVD-2019-40162

SOURCES

db:	IVD	id:	9f70822b-8ca6-4b55-941a-5a0cc46124b5
db:	CNVD	id:	CNVD-2019-40162

LAST UPDATE DATE

2022-05-17T01:40:55.341000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-40162

date:

2019-11-13T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	9f70822b-8ca6-4b55-941a-5a0cc46124b5	date:	2019-11-12T00:00:00
db:	CNVD	id:	CNVD-2019-40162	date:	2019-11-17T00:00:00