Vulnerability-Lookup

CVE-2018-13807 (GCVE-0-2018-13807)

Vulnerability from cvelistv5 – Published: 2018-09-12 14:00 – Updated: 2024-09-17 00:37

Summary

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.

Severity ?

No CVSS data available.

CWE

CWE-20 - Improper Input Validation

Assigner

siemens

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05	x_refsource_MISC
	http://www.securityfocus.com/bid/105331	vdb-entryx_refsource_BID
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Siemens AG	SCALANCE X300, SCALANCE X408, SCALANCE X414	Affected: SCALANCE X300 : All versions < V4.0.0 Affected: SCALANCE X408 : All versions < V4.0.0 Affected: SCALANCE X414 : All versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:14:47.207Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"
          },
          {
            "name": "105331",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105331"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SCALANCE X300, SCALANCE X408, SCALANCE X414",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "SCALANCE X300 : All versions \u003c V4.0.0"
            },
            {
              "status": "affected",
              "version": "SCALANCE X408 : All versions \u003c V4.0.0"
            },
            {
              "status": "affected",
              "version": "SCALANCE X414 : All versions"
            }
          ]
        }
      ],
      "datePublic": "2018-09-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X300 (All versions \u003c V4.0.0), SCALANCE X408 (All versions \u003c V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-13T09:57:01.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"
        },
        {
          "name": "105331",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105331"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "DATE_PUBLIC": "2018-09-11T00:00:00",
          "ID": "CVE-2018-13807",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SCALANCE X300, SCALANCE X408, SCALANCE X414",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SCALANCE X300 : All versions \u003c V4.0.0"
                          },
                          {
                            "version_value": "SCALANCE X408 : All versions \u003c V4.0.0"
                          },
                          {
                            "version_value": "SCALANCE X414 : All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SCALANCE X300 (All versions \u003c V4.0.0), SCALANCE X408 (All versions \u003c V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"
            },
            {
              "name": "105331",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105331"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-13807",
    "datePublished": "2018-09-12T14:00:00.000Z",
    "dateReserved": "2018-07-10T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:37:09.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CNVD-2018-18612

Vulnerability from cnvd - Published: 2018-09-13

Title

Siemens SCALANCE X Switches输入验证漏洞

Description

Siemens SCALANCE X Switches是德国西门子(Siemens)公司的一款工业以太网交换机产品。 Siemens SCALANCE X Switches存在输入验证漏洞，允许具有网络访问权限的攻击者利用漏洞导致拒绝服务。

Severity

高

Patch Name

Siemens SCALANCE X Switches输入验证漏洞的补丁

Patch Description

Siemens SCALANCE X Switches是德国西门子(Siemens)公司的一款工业以太网交换机产品。 Siemens SCALANCE X Switches存在输入验证漏洞，允许具有网络访问权限的攻击者利用漏洞导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://support.industry.siemens.com/cs/us/en/view/109753720

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05

Impacted products

Name
['SIEMENS SCALANCE X414', 'SIEMENS SCALANCE X408 <4.0.0', 'SIEMENS SCALANCE X300 <4.0.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-13807"
    }
  },
  "description": "Siemens SCALANCE X Switches\u662f\u5fb7\u56fd\u897f\u95e8\u5b50(Siemens)\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\u4ea7\u54c1\u3002 \r\n\r\nSiemens SCALANCE X Switches\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u5177\u6709\u7f51\u7edc\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://support.industry.siemens.com/cs/us/en/view/109753720",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-18612",
  "openTime": "2018-09-13",
  "patchDescription": "Siemens SCALANCE X Switches\u662f\u5fb7\u56fd\u897f\u95e8\u5b50(Siemens)\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\u4ea7\u54c1\u3002 \r\n\r\nSiemens SCALANCE X Switches\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u5177\u6709\u7f51\u7edc\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SCALANCE X Switches\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS SCALANCE X414",
      "SIEMENS SCALANCE X408 \u003c4.0.0",
      "SIEMENS SCALANCE X300 \u003c4.0.0"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-13",
  "title": "Siemens SCALANCE X Switches\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e"
}

CVE-2018-13807

Vulnerability from fstec - Published: 11.09.2018

Title

Уязвимость веб-сервера промышленных коммутаторов Siemens SCALANCE X300, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость веб-сервера промышленных коммутаторов Siemens SCALANCE X300 связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно,вызвать отказ в обслуживании путем отправки специально сформированных пакетов на TCP-порт 443

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vendor

Siemens AG

Software Name

SCALANCE X300, SCALANCE X408, SCALANCE X414

Software Version

до 4.0.0 включительно (SCALANCE X300), до 4.0.0 включительно (SCALANCE X408), - (SCALANCE X414)

Possible Mitigations

Использование рекомендаций производителя: https://support.industry.siemens.com/cs/us/en/view/109753720

Reference

https://www.securitylab.ru/news/495601.php https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05 https://nvd.nist.gov/vuln/detail/CVE-2018-13807 https://support.industry.siemens.com/cs/us/en/view/109753720

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 4.0.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SCALANCE X300), \u0434\u043e 4.0.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SCALANCE X408), - (SCALANCE X414)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: \nhttps://support.industry.siemens.com/cs/us/en/view/109753720",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.09.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.09.2018",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-01126",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-13807",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SCALANCE X300, SCALANCE X408, SCALANCE X414",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u043e\u0432 Siemens SCALANCE X300, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u043e\u0432 Siemens SCALANCE X300 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e,\u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043d\u0430 TCP-\u043f\u043e\u0440\u0442 443",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.securitylab.ru/news/495601.php \nhttps://ics-cert.us-cert.gov/advisories/ICSA-18-254-05 \nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13807 \nhttps://support.industry.siemens.com/cs/us/en/view/109753720",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}

GHSA-X4VV-2Q68-XX2P

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34

Details

Severity ?

8.6 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-13807"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-12T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SCALANCE X300 (All versions \u003c V4.0.0), SCALANCE X408 (All versions \u003c V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.",
  "id": "GHSA-x4vv-2q68-xx2p",
  "modified": "2022-05-13T01:34:41Z",
  "published": "2022-05-13T01:34:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13807"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-13807

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-13807

Aliases

CVE-2018-13807

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-13807",
    "description": "A vulnerability has been identified in SCALANCE X300 (All versions \u003c V4.0.0), SCALANCE X408 (All versions \u003c V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.",
    "id": "GSD-2018-13807"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-13807"
      ],
      "details": "A vulnerability has been identified in SCALANCE X300 (All versions \u003c V4.0.0), SCALANCE X408 (All versions \u003c V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.",
      "id": "GSD-2018-13807",
      "modified": "2023-12-13T01:22:27.050032Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "DATE_PUBLIC": "2018-09-11T00:00:00",
        "ID": "CVE-2018-13807",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SCALANCE X300, SCALANCE X408, SCALANCE X414",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SCALANCE X300 : All versions \u003c V4.0.0"
                        },
                        {
                          "version_value": "SCALANCE X408 : All versions \u003c V4.0.0"
                        },
                        {
                          "version_value": "SCALANCE X414 : All versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens AG"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in SCALANCE X300 (All versions \u003c V4.0.0), SCALANCE X408 (All versions \u003c V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20: Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"
          },
          {
            "name": "105331",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105331"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2018-13807"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SCALANCE X300 (All versions \u003c V4.0.0), SCALANCE X408 (All versions \u003c V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource",
                "VDB Entry"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"
            },
            {
              "name": "105331",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105331"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2019-10-09T23:34Z",
      "publishedDate": "2018-09-12T13:29Z"
    }
  }
}

CERTFR-2020-AVI-077

Vulnerability from certfr_avis - Published: 2020-02-11 - Updated: 2020-02-12

Cet avis concerne une mise à jour en date du 10 février 2020 de 58 avis Siemens (cf. section documentation). Les avis Siemens listent désormais les variantes SIPLUS parmi les systèmes affectés.

De multiples vulnérabilités ont été découvertes dans les produits Siemens de variante SIPLUS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

[Important] Certains avis étant anciens et étant donné le nombre de vulnérabilités traitées par les bulletins, le CERT-FR recommande de déterminer la version applicable pour chaque configuration et d'appliquer les mesures de protection établies par l'éditeur dans la section "workarounds and migitations" des bulletins de sécurité (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	CP 343-1 Advanced variante SIPLUS versions antérieures à 3.0.44
Siemens	N/A	SITOP UPS1600 PROFINET variante SIPLUS versions antérieures à 2.2.0
Siemens	N/A	SIMATIC IPC427D et IPC427E variante SIPLUS BIOS versions antérieures à V17.0x.14 et V21.01.18
Siemens	N/A	CP 343-1 tous types et variante SIPLUS toutes versions antérieures à 3.1.1
Siemens	N/A	CP 1543-1 variante SIPLUS versions antérieures à 2.1
Siemens	N/A	SCALANCE X414 variante SIPLUS versions antérieures à 3.10.2
Siemens	N/A	TIM 1531 IRC variante SIPLUS versions antérieures à 2.0
Siemens	N/A	SIMATIC S7-1200 CPU variante SIPLUS versions antérieures à 4.1.3 4.3
Siemens	N/A	TIM 4R-IE variante SIPLUS versions antérieures à 2.6.0
Siemens	N/A	CP 1243-1 tous types et variante SIPLUS versions antérieures à 3.1
Siemens	N/A	SIMATIC S7-400 tous types en variante SIPLUS toutes versions
Siemens	N/A	SCALANCE X-200IRT variante SIPLUS versions antérieures à 5.4.0
Siemens	N/A	SCALANCE X-300 variante SIPLUS versions antérieures à 4.1.2
Siemens	N/A	SIMATIC S7-1500 CPU variante SIPLUS versions antérieures à 2.5 2.6
Siemens	N/A	LOGO!8 BM variante SIPLUS toutes versions
Siemens	N/A	SINAMICS G120(C/P/D) avec PN variante SIPLUS versions antérieures à 4.7 SP9 HF1
Siemens	N/A	SIMOCODE pro V PN variante SIPLUS versions antérieures à 2.1.1
Siemens	N/A	SIMATIC S7-410 CPU variante SIPLUS variante SIPLUS versions antérieures à 8.2.1
Siemens	N/A	SINAMICS S120 variante SIPLUS versions antérieures à 4.7 HF29, 4.8 HF5 et 5.1 SP1
Siemens	N/A	SIMATIC ET200pro et ET200S variante SIPLUS toutes versions
Siemens	N/A	SCALANCE X-200 variante SIPLUS versions antérieures à 5.2.2
Siemens	N/A	IE/PB-Link variante SIPLUS versions antérieures à 3.0
Siemens	N/A	SIMATIC ET200M variante SIPLUS toutes versions
Siemens	N/A	SIMATIC S7-300 CPU sans support PROFINET variante SIPLUS versions antérieures à 3.X.16
Siemens	N/A	SIMATIC ET200MP variante SIPLUS versions antérieures à 4.2
Siemens	N/A	SIMOCODE pro V EIP variante SIPLUS versions antérieures à 1.0.2
Siemens	N/A	SIMATIC ET200SP Open Controller variante SIPLUS versions antérieures à 2.6 et 4.2
Siemens	N/A	SIMATIC PN/PN Coupler variante SIPLUS versions antérieures à 4.2.0
Siemens	N/A	TIM 4R-IE DNP3 variante SIPLUS versions antérieures à 3.1.0
Siemens	N/A	CP 1542SP-1 et 1543SP-1 variante SIPLUS versions antérieures à 1.0.15
Siemens	N/A	IM 3V-IE / TIM 3V-IE Advanced variante SIPLUS versions antérieures à 2.6.0
Siemens	N/A	SIMOTION variante SIPLUS versions antérieures à 5.1 HF1
Siemens	N/A	TIM 3V-IE DNP3 variante SIPLUS versions antérieures à 3.1.0
Siemens	N/A	CP 443-1 tous types et variante SIPLUS toutes versions antérieures à 3.2.9 3.2.17
Siemens	N/A	SIMATIC HMI Basic Panels 2nd Generation, Comfort 15-22, Comfort 4-12, Comfort Pro Panels variante SIPLUS versions antérieures à V14 SP1 Upd 6 et V15.1 Upd 1
Siemens	N/A	SIMATIC S7-300 CPU avec support PROFINET variante SIPLUS versions antérieures à 3.X.16

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-818183 du 08 juin 2016	-	other
Bulletin de sécurité Siemens ssa-268644 du 09 septembre 2018	-	other
Avis CERTFR-2018-AVI-429	-	other
Bulletin de sécurité Siemens ssa-892715 du 22 février 2018	-	other
Bulletin de sécurité Siemens ssa-994726 du 05 mars 2015	-	other
Avis CERTFR-2015-AVI-090	-	other
Avis CERTFR-2018-AVI-235	-	other
Avis CERTFR-2014-AVI-137	-	other
Bulletin de sécurité Siemens ssa-447396 du 11 septembre 2018	-	other
Bulletin de sécurité Siemens ssa-804486 du 14 mai 2019	-	other
Bulletin de sécurité Siemens ssa-987029 du 05 mars 2015	-	other
Bulletin de sécurité Siemens ssa-240718 du 13 septembre 2012	-	other
Bulletin de sécurité Siemens ssa-168644 du 22 février 2018	-	other
Bulletin de sécurité Siemens ssa-180635 du 08 janvier 2019	-	other
Bulletin de sécurité Siemens ssa-293562 du 08 mai 2017	-	other
Bulletin de sécurité Siemens ssa-310688 du 14 août 2014	-	other
Bulletin de sécurité Siemens ssa-546832 du 03 mai 2018	-	other
Bulletin de sécurité Siemens ssa-100232 du 13 août 2019	-	other
Bulletin de sécurité Siemens ssa-914382 du 15 mai 2018	-	other
Bulletin de sécurité Siemens ssa-744850 du 11 juin 2019	-	other
Bulletin de sécurité Siemens ssa-134003 du 27 août 2015	-	other
Avis CERTFR-2016-AVI-384	-	other
Bulletin de sécurité Siemens ssa-321046 du 19 janvier 2015	-	other
Avis CERTFR-2018-AVI-543	-	other
Bulletin de sécurité Siemens ssa-306710 du 08 janvier 2019	-	other
Bulletin de sécurité Siemens ssa-944083 du 13 novembre 2018	-	other
Bulletin de sécurité Siemens ssa-724606 du 20 décembre 2012	-	other
Bulletin de sécurité Siemens ssa-253230 du 08 février 2016	-	other
Bulletin de sécurité Siemens ssa-346262 du 23 novembre 2017	-	other
Bulletin de sécurité Siemens ssa-179516 du 07 août 2018	-	other
Avis CERTFR-2015-AVI-364	-	other
Avis CERTFR-2017-AVI-140	-	other
Bulletin de sécurité Siemens ssa-584286 du 13 novembre 2018	-	other
Bulletin de sécurité Siemens ssa-874235 du 26 juin 2017	-	other
Bulletin de sécurité Siemens ssa-234763 du 17 juillet 2014	-	other
Bulletin de sécurité Siemens ssa-742938 du 04 décembre 2013	-	other
Avis CERTFR-2017-AVI-428	-	other
Bulletin de sécurité Siemens ssa-377318 du 12 février 2019	-	other
Bulletin de sécurité Siemens ssa-892012 du 24 avril 2014	-	other
Bulletin de sécurité Siemens ssa-087240 du 30 août 2017	-	other
Avis CERTFR-2019-AVI-004	-	other
Bulletin de sécurité Siemens ssa-850708 du 11 septembre 2013	-	other
Bulletin de sécurité Siemens ssa-110922 du 27 mars 2018	-	other
Bulletin de sécurité Siemens ssa-507847 du 09 octobre 2018	-	other
Bulletin de sécurité Siemens ssa-113131 du 13 novembre 2018	-	other
Bulletin de sécurité Siemens ssa-176087 du 01 octobre 2013	-	other
Bulletin de sécurité Siemens ssa-763427 du 27 novembre 2015	-	other
Bulletin de sécurité Siemens ssa-623229 du 08 avril 2016	-	other
Bulletin de sécurité Siemens ssa-592007 du 20 mars 2018	-	other
Avis CERTFR-2016-AVI-196	-	other
Bulletin de sécurité Siemens ssa-233109 du 13 novembre 2018	-	other
Bulletin de sécurité Siemens ssa-954136 du 02 février 2015	-	other
Bulletin de sécurité Siemens ssa-672373 du 18 novembre 2016	-	other
Avis CERTFR-2014-AVI-126	-	other
Bulletin de sécurité Siemens ssa-487246 du 08 avril 2015	-	other
Bulletin de sécurité Siemens ssa-542701 du 14 mai 2019	-	other
Bulletin de sécurité Siemens ssa-347726 du 09 octobre 2018	-	other
Bulletin de sécurité Siemens ssa-254686 du 09 octobre 2018	-	other
Bulletin de sécurité Siemens ssa-279823 du 08 octobre 2012	-	other
Bulletin de sécurité Siemens ssa-982399 du 11 décembre 2018	-	other
Bulletin de sécurité Siemens ssa-456423 du 12 mars 2014	-	other
Avis CERTFR-2016-AVI-062	-	other
Bulletin de sécurité Siemens ssa-635659 du 15 avril 2014	-	other
Bulletin de sécurité Siemens ssa-130874 du 05 avril 2012	-	other
Bulletin de sécurité Siemens ssa-141614 du 09 avril 2019	-	other
Bulletin de sécurité Siemens ssa-597212 du 21 janvier 2015	-	other
Bulletin de sécurité Siemens ssa-654382 du 20 mars 2014	-	other
Bulletin de sécurité Siemens ssa-833048 du 14 mars 2016	-	other
Bulletin de sécurité Siemens ssa-625789 du 10 juin 2011	-	other
Bulletin de sécurité Siemens ssa-731239 du 09 décembre 2016	-	other
Bulletin de sécurité Siemens ssa-470231 du 22 février 2018	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CP 343-1 Advanced variante SIPLUS versions ant\u00e9rieures \u00e0 3.0.44",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SITOP UPS1600 PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 2.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427D et IPC427E variante SIPLUS BIOS versions ant\u00e9rieures \u00e0 V17.0x.14 et V21.01.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP 343-1 tous types et variante SIPLUS toutes versions ant\u00e9rieures \u00e0 3.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP 1543-1 variante SIPLUS versions ant\u00e9rieures \u00e0 2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X414 variante SIPLUS versions ant\u00e9rieures \u00e0 3.10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC variante SIPLUS versions ant\u00e9rieures \u00e0 2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU variante SIPLUS versions ant\u00e9rieures \u00e0 4.1.3 4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 4R-IE variante SIPLUS versions ant\u00e9rieures \u00e0 2.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP 1243-1 tous types et variante SIPLUS versions ant\u00e9rieures \u00e0 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 tous types en variante SIPLUS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200IRT variante SIPLUS versions ant\u00e9rieures \u00e0 5.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-300 variante SIPLUS versions ant\u00e9rieures \u00e0 4.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU variante SIPLUS versions ant\u00e9rieures \u00e0 2.5 2.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO!8 BM variante SIPLUS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G120(C/P/D) avec PN variante SIPLUS versions ant\u00e9rieures \u00e0 4.7 SP9 HF1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOCODE pro V PN variante SIPLUS versions ant\u00e9rieures \u00e0 2.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-410 CPU variante SIPLUS variante SIPLUS versions ant\u00e9rieures \u00e0 8.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS S120 variante SIPLUS versions ant\u00e9rieures \u00e0 4.7 HF29, 4.8 HF5 et 5.1 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200pro et ET200S variante SIPLUS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200 variante SIPLUS versions ant\u00e9rieures \u00e0 5.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "IE/PB-Link variante SIPLUS versions ant\u00e9rieures \u00e0 3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200M variante SIPLUS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU sans support PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 3.X.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200MP variante SIPLUS versions ant\u00e9rieures \u00e0 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOCODE pro V EIP variante SIPLUS versions ant\u00e9rieures \u00e0 1.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP Open Controller variante SIPLUS versions ant\u00e9rieures \u00e0 2.6 et 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PN/PN Coupler variante SIPLUS versions ant\u00e9rieures \u00e0 4.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 4R-IE DNP3 variante SIPLUS versions ant\u00e9rieures \u00e0 3.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP 1542SP-1 et 1543SP-1 variante SIPLUS versions ant\u00e9rieures \u00e0 1.0.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "IM 3V-IE / TIM 3V-IE Advanced variante SIPLUS versions ant\u00e9rieures \u00e0 2.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION variante SIPLUS versions ant\u00e9rieures \u00e0 5.1 HF1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 3V-IE DNP3 variante SIPLUS versions ant\u00e9rieures \u00e0 3.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP 443-1 tous types et variante SIPLUS toutes versions ant\u00e9rieures \u00e0 3.2.9 3.2.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI Basic Panels 2nd Generation, Comfort 15-22, Comfort 4-12, Comfort Pro Panels variante SIPLUS versions ant\u00e9rieures \u00e0 V14 SP1 Upd 6 et V15.1 Upd 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU avec support PROFINET variante SIPLUS versions ant\u00e9rieures \u00e0 3.X.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\n**\\[Important\\]** Certains avis \u00e9tant anciens et \u00e9tant donn\u00e9 le nombre\nde vuln\u00e9rabilit\u00e9s trait\u00e9es par les bulletins, le CERT-FR recommande de\nd\u00e9terminer la version applicable pour chaque configuration et\nd\u0027appliquer les mesures de protection \u00e9tablies par l\u0027\u00e9diteur dans la\nsection \"workarounds and migitations\" des bulletins de s\u00e9curit\u00e9 (cf.\nsection Documentation).\n\n\u00a0\n",
  "cves": [
    {
      "name": "CVE-2016-8561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8561"
    },
    {
      "name": "CVE-2014-2909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2909"
    },
    {
      "name": "CVE-2014-2248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2248"
    },
    {
      "name": "CVE-2014-2254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2254"
    },
    {
      "name": "CVE-2018-16558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16558"
    },
    {
      "name": "CVE-2014-2246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2246"
    },
    {
      "name": "CVE-2016-2200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2200"
    },
    {
      "name": "CVE-2014-2251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2251"
    },
    {
      "name": "CVE-2014-2255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2255"
    },
    {
      "name": "CVE-2013-0700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0700"
    },
    {
      "name": "CVE-2014-8479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8479"
    },
    {
      "name": "CVE-2017-2680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2680"
    },
    {
      "name": "CVE-2014-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2908"
    },
    {
      "name": "CVE-2014-2258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2258"
    },
    {
      "name": "CVE-2014-2257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2257"
    },
    {
      "name": "CVE-2018-16556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16556"
    },
    {
      "name": "CVE-2014-8478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8478"
    },
    {
      "name": "CVE-2017-12741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12741"
    },
    {
      "name": "CVE-2015-8214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8214"
    },
    {
      "name": "CVE-2018-13807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13807"
    },
    {
      "name": "CVE-2014-2259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2259"
    },
    {
      "name": "CVE-2013-2780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2780"
    },
    {
      "name": "CVE-2018-16561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16561"
    },
    {
      "name": "CVE-2014-2253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2253"
    },
    {
      "name": "CVE-2018-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4850"
    },
    {
      "name": "CVE-2015-1048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1048"
    },
    {
      "name": "CVE-2018-16559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16559"
    },
    {
      "name": "CVE-2016-2201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2201"
    },
    {
      "name": "CVE-2014-2247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2247"
    },
    {
      "name": "CVE-2014-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2249"
    },
    {
      "name": "CVE-2014-2250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2250"
    },
    {
      "name": "CVE-2018-16557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16557"
    },
    {
      "name": "CVE-2016-2846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2846"
    },
    {
      "name": "CVE-2015-5698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5698"
    },
    {
      "name": "CVE-2014-2256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2256"
    },
    {
      "name": "CVE-2016-8562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8562"
    },
    {
      "name": "CVE-2016-3949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3949"
    },
    {
      "name": "CVE-2015-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2177"
    },
    {
      "name": "CVE-2014-2252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2252"
    }
  ],
  "initial_release_date": "2020-02-11T00:00:00",
  "last_revision_date": "2020-02-12T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-818183 du 08 juin 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-268644 du 09 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
    },
    {
      "title": "Avis CERTFR-2018-AVI-429",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-429/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-892715 du 22 f\u00e9vrier 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-994726 du 05 mars 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf"
    },
    {
      "title": "Avis CERTFR-2015-AVI-090",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2015-AVI-090/"
    },
    {
      "title": "Avis CERTFR-2018-AVI-235",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-235/"
    },
    {
      "title": "Avis CERTFR-2014-AVI-137",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2014-AVI-137/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-447396 du 11 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-804486 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-987029 du 05 mars 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-240718 du 13 septembre 2012",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-240718.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-168644 du 22 f\u00e9vrier 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-180635 du 08 janvier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-293562 du 08 mai 2017",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-310688 du 14 ao\u00fbt 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310688.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-546832 du 03 mai 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-100232 du 13 ao\u00fbt 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-914382 du 15 mai 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-744850 du 11 juin 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-134003 du 27 ao\u00fbt 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf"
    },
    {
      "title": "Avis CERTFR-2016-AVI-384",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-384/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-321046 du 19 janvier 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf"
    },
    {
      "title": "Avis CERTFR-2018-AVI-543",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-543/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-306710 du 08 janvier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-944083 du 13 novembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-724606 du 20 d\u00e9cembre 2012",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-253230 du 08 f\u00e9vrier 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-346262 du 23 novembre 2017",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-179516 du 07 ao\u00fbt 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf"
    },
    {
      "title": "Avis CERTFR-2015-AVI-364",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2015-AVI-364/"
    },
    {
      "title": "Avis CERTFR-2017-AVI-140",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-140/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-584286 du 13 novembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-874235 du 26 juin 2017",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-234763 du 17 juillet 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-742938 du 04 d\u00e9cembre 2013",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf"
    },
    {
      "title": "Avis CERTFR-2017-AVI-428",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-428/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-377318 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-892012 du 24 avril 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-087240 du 30 ao\u00fbt 2017",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf"
    },
    {
      "title": "Avis CERTFR-2019-AVI-004",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-004/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-850708 du 11 septembre 2013",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-110922 du 27 mars 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-507847 du 09 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-113131 du 13 novembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-176087 du 01 octobre 2013",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-763427 du 27 novembre 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-623229 du 08 avril 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-592007 du 20 mars 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
    },
    {
      "title": "Avis CERTFR-2016-AVI-196",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-196/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-233109 du 13 novembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-954136 du 02 f\u00e9vrier 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-954136.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-672373 du 18 novembre 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf"
    },
    {
      "title": "Avis CERTFR-2014-AVI-126",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2014-AVI-126/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-487246 du 08 avril 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-542701 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-347726 du 09 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-254686 du 09 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-279823 du 08 octobre 2012",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-279823.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-982399 du 11 d\u00e9cembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-456423 du 12 mars 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf"
    },
    {
      "title": "Avis CERTFR-2016-AVI-062",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2016-AVI-062/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-635659 du 15 avril 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-130874 du 05 avril 2012",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-130874.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-141614 du 09 avril 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-597212 du 21 janvier 2015",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-597212.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-654382 du 20 mars 2014",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-833048 du 14 mars 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-833048.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-625789 du 10 juin 2011",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-625789.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-731239 du 09 d\u00e9cembre 2016",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-470231 du 22 f\u00e9vrier 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
    }
  ],
  "reference": "CERTFR-2020-AVI-077",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-11T00:00:00.000000"
    },
    {
      "description": "int\u00e9gration des 58 avis",
      "revision_date": "2020-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "\u003cstrong\u003eCet avis concerne une mise \u00e0 jour en date du 10 f\u00e9vrier 2020 de 58\navis Siemens (cf. section documentation). Les avis Siemens listent\nd\u00e9sormais les variantes SIPLUS parmi les syst\u00e8mes affect\u00e9s.\u003c/strong\u003e\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens de variante SIPLUS. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens de variante SIPLUS",
  "vendor_advisories": []
}

CERTFR-2018-AVI-429

Vulnerability from certfr_avis - Published: 2018-09-11 - Updated: 2018-09-11

De multiples vulnérabilités ont été découvertes dans SCADA les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	RUDGECOM, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation)
Siemens	N/A	SIMATIC WinCC OA versions 3.14 et antérieures
Siemens	N/A	SCALANCE X408 toutes versions antérieures à 4.0.0
Siemens	N/A	SINUMERIK, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation)
Siemens	N/A	SCALANCE X300 toutes versions antérieures à 4.0.0
Siemens	N/A	SIMATIC, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation)
Siemens	N/A	SINEMA, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation)
Siemens	N/A	SCALANCE X414 toutes versions
Siemens	N/A	SIEMENS TD Keypad Designer toutes versions
Siemens	N/A	SIMOTION, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation)

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-268644 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Siemens SSA-447396 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Siemens SSA-346256 du 11 septembre 2018	None	vendor-advisory
Bulletin de sécurité Siemens SSA-198330 du 11 septembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "RUDGECOM, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions 3.14 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X408 toutes versions ant\u00e9rieures \u00e0 4.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X300 toutes versions ant\u00e9rieures \u00e0 4.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X414 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIEMENS TD Keypad Designer toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-13806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13806"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2018-13807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13807"
    },
    {
      "name": "CVE-2018-13799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13799"
    },
    {
      "name": "CVE-2018-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
    }
  ],
  "initial_release_date": "2018-09-11T00:00:00",
  "last_revision_date": "2018-09-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-429",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSiemens. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-268644 du 11 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-447396 du 11 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-346256 du 11 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-198330 du 11 septembre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdf"
    }
  ]
}

FKIE_CVE-2018-13807

Vulnerability from fkie_nvd - Published: 2018-09-12 13:29 - Updated: 2024-11-21 03:48

Severity ?

8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

References

URL	Tags
productcert@siemens.com	http://www.securityfocus.com/bid/105331	Third Party Advisory, VDB Entry
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf	Vendor Advisory
productcert@siemens.com	https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05	Third Party Advisory, US Government Resource, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105331	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05	Third Party Advisory, US Government Resource, VDB Entry

Impacted products

Vendor	Product	Version
siemens	scalance_x408_firmware	*
siemens	scalance_x408	-
siemens	scalance_x300_firmware	*
siemens	scalance_x300	-
siemens	scalance_x414_firmware	-
siemens	scalance_x414	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "897A0746-166D-46E3-B261-429A85012FC0",
              "versionEndExcluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47F713E4-4B75-476E-BC21-92CA10198AE9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00ECDFD-EBBD-4532-A529-ED567A4331CC",
              "versionEndExcluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F6299B-D7E3-4750-B016-7DCBC83C2287",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDB94AE-1ADF-468A-93BB-7DC0A2086AC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E4C1BEF-D6B4-4260-9AC5-6F903EF6F4B1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SCALANCE X300 (All versions \u003c V4.0.0), SCALANCE X408 (All versions \u003c V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SCALANCE X300 (todas las versiones anteriores a la V4.0.0), SCALANCE X408 (todas las versiones anteriores a la V4.0.0) y SCALANCE X414 (todas las versiones) La interfaz web en el puerto 443/tcp podr\u00eda permitir que un atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de paquetes especialmente manipulados al servidor web. El dispositivo se reiniciar\u00e1 autom\u00e1ticamente, impactando en la disponibilidad de red para otros dispositivos. Un atacante debe tener acceso de red al puerto 443/tcp para explotar la vulnerabilidad. No se requieren credenciales v\u00e1lidas ni interacci\u00f3n por parte de un usuario leg\u00edtimo para explotar la vulnerabilidad. No hay impacto ni en la confidencialidad ni en la integridad; solo la disponibilidad se ha visto temporalmente impactada. La vulnerabilidad puede ser desencadenada por herramientas disponibles de forma p\u00fablica."
    }
  ],
  "id": "CVE-2018-13807",
  "lastModified": "2024-11-21T03:48:06.303",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-12T13:29:01.157",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105331"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-13807 (GCVE-0-2018-13807)

CNVD-2018-18612

CVE-2018-13807

GHSA-X4VV-2Q68-XX2P

GSD-2018-13807

CERTFR-2020-AVI-077

Solution

CERTFR-2018-AVI-429

Solution

FKIE_CVE-2018-13807

Tags

Sightings

Nomenclature