Vulnerability-Lookup

CVE-2018-13801 (GCVE-0-2018-13801)

Vulnerability from cvelistv5 – Published: 2018-10-10 17:00 – Updated: 2024-09-16 22:10

Summary

A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.

Severity ?

No CVSS data available.

CWE

CWE-264 - Permissions, Privileges, and Access Controls

Assigner

siemens

References

URL

	Vendor	Product	Version
	Siemens AG	ROX II	Affected: All versions < V2.12.1

GHSA-GH8M-W78J-MVXC

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-13801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-10T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in ROX II (All versions \u003c V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.",
  "id": "GHSA-gh8m-w78j-mvxc",
  "modified": "2022-05-13T01:34:43Z",
  "published": "2022-05-13T01:34:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13801"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105545"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-13801

Vulnerability from fkie_nvd - Published: 2018-10-10 17:29 - Updated: 2024-11-21 03:48

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
productcert@siemens.com	http://www.securityfocus.com/bid/105545	Third Party Advisory, VDB Entry
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf	Vendor Advisory
productcert@siemens.com	https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105545	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	siemens	rox_ii_firmware	*
	siemens	rox_ii	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:rox_ii_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60522046-6A22-4087-96D2-A9F825D85CE0",
              "versionEndExcluding": "2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:rox_ii:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1FB2BC-5AE4-489F-A292-F7820CCB6838",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in ROX II (All versions \u003c V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en ROX II (todas las versiones anteriores a V2.12.1). Un atacante con acceso de red al puerto 22/tcp y credenciales de usuario v\u00e1lidas con pocos privilegios para el dispositivo objetivo podr\u00eda realizar un escalado de privilegios y obtener privilegios root. La explotaci\u00f3n exitosa requiere privilegios de usuario con pocos privilegios, pero no requiere que el usuario interact\u00fae. Esta vulnerabilidad podr\u00eda permitir que un atacante comprometa la confidencialidad, integridad y disponibilidad del sistema."
    }
  ],
  "id": "CVE-2018-13801",
  "lastModified": "2024-11-21T03:48:04.607",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-10T17:29:03.827",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105545"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-20532

Vulnerability from cnvd - Published: 2018-10-10

Title

SIEMENS ROX II权限提升漏洞

Description

SIMATIC ROX II是ROX-based VPN端点和防火墙设备用于连接在恶劣环境中运行的设备，如电力变电站和交通控制柜。 SIMATIC ROX II存在权限提升漏洞。具有对端口22/tcp的网络访问和目标设备的有效低特权用户凭证的攻击者可以执行特权升级并获得root权限。

Severity

高

Patch Name

SIEMENS ROX II权限提升漏洞的补丁

Patch Description

SIMATIC ROX II是ROX-based VPN端点和防火墙设备用于连接在恶劣环境中运行的设备，如电力变电站和交通控制柜。 SIMATIC ROX II存在权限提升漏洞。具有对端口22/tcp的网络访问和目标设备的有效低特权用户凭证的攻击者可以执行特权升级并获得root权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf

Impacted products

Name
SIEMENS ROX II < V2.12.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-13801"
    }
  },
  "description": "SIMATIC ROX II\u662fROX-based VPN\u7aef\u70b9\u548c\u9632\u706b\u5899\u8bbe\u5907\u7528\u4e8e\u8fde\u63a5\u5728\u6076\u52a3\u73af\u5883\u4e2d\u8fd0\u884c\u7684\u8bbe\u5907\uff0c\u5982\u7535\u529b\u53d8\u7535\u7ad9\u548c\u4ea4\u901a\u63a7\u5236\u67dc\u3002\r\n\r\nSIMATIC ROX II\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u5177\u6709\u5bf9\u7aef\u53e322/tcp\u7684\u7f51\u7edc\u8bbf\u95ee\u548c\u76ee\u6807\u8bbe\u5907\u7684\u6709\u6548\u4f4e\u7279\u6743\u7528\u6237\u51ed\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u6267\u884c\u7279\u6743\u5347\u7ea7\u5e76\u83b7\u5f97root\u6743\u9650\u3002",
  "discovererName": "Gerard Harney from NCC Group",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20532",
  "openTime": "2018-10-10",
  "patchDescription": "SIMATIC ROX II\u662fROX-based VPN\u7aef\u70b9\u548c\u9632\u706b\u5899\u8bbe\u5907\u7528\u4e8e\u8fde\u63a5\u5728\u6076\u52a3\u73af\u5883\u4e2d\u8fd0\u884c\u7684\u8bbe\u5907\uff0c\u5982\u7535\u529b\u53d8\u7535\u7ad9\u548c\u4ea4\u901a\u63a7\u5236\u67dc\u3002\r\n\r\nSIMATIC ROX II\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u5177\u6709\u5bf9\u7aef\u53e322/tcp\u7684\u7f51\u7edc\u8bbf\u95ee\u548c\u76ee\u6807\u8bbe\u5907\u7684\u6709\u6548\u4f4e\u7279\u6743\u7528\u6237\u51ed\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u6267\u884c\u7279\u6743\u5347\u7ea7\u5e76\u83b7\u5f97root\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SIEMENS ROX II\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SIEMENS ROX II \u003c V2.12.1"
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-10",
  "title": "SIEMENS ROX II\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CERTFR-2018-AVI-476

Vulnerability from certfr_avis - Published: 2018-10-09 - Updated: 2018-10-09

De multiples vulnérabilités ont été découvertes dans SCADA les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC IPC627C toutes versions
Siemens	N/A	SIMATIC IPC847C toutes versions
Siemens	N/A	SIMATIC IPC227E toutes versions
Siemens	N/A	SIMATIC ITP1000 toutes versions
Siemens	N/A	SINUMERIK Panels wtih integrated TCU toutes versions
Siemens	N/A	SIMATIC S7-1200 CPU versions antérieures à 4.2.3 exclue
Siemens	N/A	SIMATIC IPC427D versions de BIOS antérieures à 17.0x.14 exclue
Siemens	N/A	SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP (MLFB: 6ES7518-4FX00-1AC0) toutes versions
Siemens	N/A	SIMATIC S7-1500 Software Controller versions comprises entre à 2.0 inclue et 2.5 exclue
Siemens	N/A	SIMATIC ET 200 SP Open Controller toutes versions
Siemens	N/A	SIMATIC Field PG M5 versions de BIOS antérieures à 22.01.06 exclue
Siemens	N/A	SIMATIC IPC477D versions de BIOS antérieures à 17.0x.14 exclue
Siemens	N/A	SIMATIC IPC827D toutes versions
Siemens	N/A	SIMATIC ET 200SP Open Controller versions supérieures à 2.0 inclue
Siemens	N/A	SCALANCE W1750D versions antérieures à 8.3.0.1 exclue
Siemens	N/A	SIMATIC IPC477E Pro versions de BIOS antérieures à 21.01.09 exclue
Siemens	N/A	SIMATIC ET 200 SP Open Controller (F) toutes versions
Siemens	N/A	SINUMERIK 840 D sl (NCU720.3B, NCU730.3B, NCU720.3, NCU730.3) toutes versions
Siemens	N/A	SIMATIC IPC427E versions de BIOS antérieures à 21.01.09 exclue
Siemens	N/A	SIMATIC S7-1500 (incl. F) versions comprises entre 2.0 inclus et 2.5 exclue
Siemens	N/A	SIMATIC IPC3000 SMART V2 toutes versions
Siemens	N/A	SIMATIC IPC277E toutes versions
Siemens	N/A	SIMATIC IPC347E toutes versions
Siemens	N/A	RUGGEDCOM RX1400 VPE toutes versions
Siemens	N/A	SIMATIC IPC647C toutes versions
Siemens	N/A	SIMATIC IPC647D toutes versions
Siemens	N/A	SIMATIC IPC627D toutes versions
Siemens	N/A	SIMOTION P320-4S toutes versions
Siemens	N/A	SIMATIC IPC827C toutes versions
Siemens	N/A	SIMOTION P320-4E toutes versions
Siemens	N/A	SIMATIC IPC547E toutes versions
Siemens	N/A	SIMATIC IPC677D toutes versions
Siemens	N/A	SINUMERIK PCU 50.5 toutes versions
Siemens	N/A	SIMATIC IPC477E versions de BIOS antérieures à 21.01.09 exclue
Siemens	N/A	SIMATIC IPC327E toutes versions
Siemens	N/A	SIMATIC IPC677C toutes versions
Siemens	N/A	SINUMERIK TCU 30.3 toutes versions
Siemens	N/A	SIMATIC IPC547G toutes versions
Siemens	N/A	SIMATIC Field PG M4 versions de BIOS antérieures à 18.01.09 exclue
Siemens	N/A	SIMATIC S7-1500 Software Controller toutes versions
Siemens	N/A	ROX II versions antérieures à 2.12.1 exclue
Siemens	N/A	SIMATIC IPC477C toutes versions
Siemens	N/A	SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0) toutes versions
Siemens	N/A	SIMATIC IPC377E toutes versions
Siemens	N/A	SIMATIC IPC847D toutes versions
Siemens	N/A	SIMATIC IPC427C toutes versions
Siemens	N/A	RUGGEDCOM APE toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité SCADA Siemens ssa-507847 du 9 octobre 2018	None	vendor-advisory
Bulletin de sécurité SCADA Siemens ssa-254686 du 9 octobre 2018	None	vendor-advisory
Bulletin de sécurité SCADA Siemens ssa-347726 du 9 octobre 2018	None	vendor-advisory
Bulletin de sécurité SCADA Siemens ssa-493830 du 9 octobre 2018	None	vendor-advisory
Bulletin de sécurité SCADA Siemens ssa-464260 du 9 octobre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC IPC627C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC847C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC227E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITP1000 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Panels wtih integrated TCU toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU versions ant\u00e9rieures \u00e0 4.2.3 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427D versions de BIOS ant\u00e9rieures \u00e0 17.0x.14 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP (MLFB: 6ES7518-4FX00-1AC0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller versions comprises entre \u00e0 2.0 inclue et 2.5 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200 SP Open Controller toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Field PG M5 versions de BIOS ant\u00e9rieures \u00e0 22.01.06 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477D versions de BIOS ant\u00e9rieures \u00e0 17.0x.14 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC827D toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller versions sup\u00e9rieures \u00e0 2.0 inclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D versions ant\u00e9rieures \u00e0 8.3.0.1 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477E Pro versions de BIOS ant\u00e9rieures \u00e0 21.01.09 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200 SP Open Controller (F) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK 840 D sl (NCU720.3B, NCU730.3B, NCU720.3, NCU730.3) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427E versions de BIOS ant\u00e9rieures \u00e0 21.01.09 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 (incl. F) versions comprises entre 2.0 inclus et 2.5 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC3000 SMART V2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC277E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC347E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RX1400 VPE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC647C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC647D toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC627D toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4S toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC827C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC547E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC677D toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK PCU 50.5 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477E versions de BIOS ant\u00e9rieures \u00e0 21.01.09 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC327E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC677C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK TCU 30.3 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC547G toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Field PG M4 versions de BIOS ant\u00e9rieures \u00e0 18.01.09 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "ROX II versions ant\u00e9rieures \u00e0 2.12.1 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC377E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC847D toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM APE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2018-13800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13800"
    },
    {
      "name": "CVE-2018-13805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13805"
    },
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-13801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13801"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    },
    {
      "name": "CVE-2018-3615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3615"
    }
  ],
  "initial_release_date": "2018-10-09T00:00:00",
  "last_revision_date": "2018-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-476",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-507847 du 9 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-254686 du 9 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-347726 du 9 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-493830 du 9 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-464260 du 9 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
    }
  ]
}

GSD-2018-13801

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-13801

Aliases

CVE-2018-13801

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-13801",
    "description": "A vulnerability has been identified in ROX II (All versions \u003c V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.",
    "id": "GSD-2018-13801"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-13801"
      ],
      "details": "A vulnerability has been identified in ROX II (All versions \u003c V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.",
      "id": "GSD-2018-13801",
      "modified": "2023-12-13T01:22:27.207815Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "DATE_PUBLIC": "2018-10-09T00:00:00",
        "ID": "CVE-2018-13801",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ROX II",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V2.12.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens AG"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in ROX II (All versions \u003c V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-264: Permissions, Privileges, and Access Controls"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf"
          },
          {
            "name": "105545",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105545"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:rox_ii_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.12.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:rox_ii:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2018-13801"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in ROX II (All versions \u003c V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf"
            },
            {
              "name": "105545",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105545"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:34Z",
      "publishedDate": "2018-10-10T17:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-13801 (GCVE-0-2018-13801)

GHSA-GH8M-W78J-MVXC

FKIE_CVE-2018-13801

CNVD-2018-20532

CERTFR-2018-AVI-476

Solution

GSD-2018-13801

Tags

Sightings

Nomenclature