Vulnerability-Lookup

CVE-2017-9942 (GCVE-0-2017-9942)

Vulnerability from cvelistv5 – Published: 2017-08-08 00:00 – Updated: 2024-08-05 17:24

Summary

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.

Severity ?

No CVSS data available.

CWE

CWE-257 - Storing Passwords in a Recoverable Format

Assigner

siemens

References

URL

Tags

	https://www.siemens.com/cert/pool/cert/siemens_se…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/99578	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	SiPass integrated All versions before V2.70	Affected: SiPass integrated All versions before V2.70

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:24:59.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
          },
          {
            "name": "99578",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99578"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SiPass integrated All versions before V2.70",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "SiPass integrated All versions before V2.70"
            }
          ]
        }
      ],
      "datePublic": "2017-08-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257: Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-08T09:57:01.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
        },
        {
          "name": "99578",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99578"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-9942",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SiPass integrated All versions before V2.70",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SiPass integrated All versions before V2.70"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-257: Storing Passwords in a Recoverable Format"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
            },
            {
              "name": "99578",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99578"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2017-9942",
    "datePublished": "2017-08-08T00:00:00.000Z",
    "dateReserved": "2017-06-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:24:59.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2017-9942

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-9942

Aliases

CVE-2017-9942

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-9942",
    "description": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.",
    "id": "GSD-2017-9942"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-9942"
      ],
      "details": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.",
      "id": "GSD-2017-9942",
      "modified": "2023-12-13T01:21:07.555418Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2017-9942",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SiPass integrated All versions before V2.70",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SiPass integrated All versions before V2.70"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-257: Storing Passwords in a Recoverable Format"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
          },
          {
            "name": "99578",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99578"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.65",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-9942"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
            },
            {
              "name": "99578",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99578"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:30Z",
      "publishedDate": "2017-08-08T00:29Z"
    }
  }
}

GHSA-3877-QFCM-54MW

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-9942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-08T00:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.",
  "id": "GHSA-3877-qfcm-54mw",
  "modified": "2022-05-13T01:36:04Z",
  "published": "2022-05-13T01:36:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9942"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99578"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2017-AVI-213

Vulnerability from certfr_avis - Published: 2017-07-13 - Updated: 2017-07-13

De multiples vulnérabilités ont été corrigées dans SCADA les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Siemens	N/A	SIMATIC Logon toutes versions antérieures à 1.6
	Siemens	N/A	SiPass integrated toutes versions antérieures à 2.70

References

Title

Publication Time

FKIE_CVE-2017-9942

Vulnerability from fkie_nvd - Published: 2017-08-08 00:29 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
productcert@siemens.com	http://www.securityfocus.com/bid/99578	Third Party Advisory, VDB Entry
productcert@siemens.com	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99578	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	siemens	sipass_integrated	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:sipass_integrated:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2375DDBA-DBFD-49DB-9B13-0D832E21146B",
              "versionEndIncluding": "2.65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto una vulnerabilidad en Siemens SiPass integrated (todas las versiones anteriores a la V2.70) que podr\u00eda permitir que un atacante con acceso local al servidor SiPass integrated o al cliente SiPass integrated obtuviese credenciales de los sistemas."
    }
  ],
  "id": "CVE-2017-9942",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T00:29:00.477",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99578"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-257"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-14601

Vulnerability from cnvd - Published: 2017-07-15

Title

Siemens SiPass integrated凭证获取漏洞

Description

SiPass server是SiPass集中访问控制系统的组件，接收客户端的连接进行通信。 Siemens SiPass integrated存在凭证获取漏洞，具有本地访问SiPass集成服务器或SiPass集成客户端的攻击者可能从系统获取凭据。

Severity

中

Patch Name

Siemens SiPass integrated凭证获取漏洞的补丁

Patch Description

SiPass server是SiPass集中访问控制系统的组件，接收客户端的连接进行通信。 Siemens SiPass integrated存在凭证获取漏洞，具有本地访问SiPass集成服务器或SiPass集成客户端的攻击者可能从系统获取凭据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://www.siemens.com/cert/advisories/

Reference

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf

Impacted products

Name
Siemens SiPass integrated <2.70

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9942"
    }
  },
  "description": "SiPass server\u662fSiPass\u96c6\u4e2d\u8bbf\u95ee\u63a7\u5236\u7cfb\u7edf\u7684\u7ec4\u4ef6\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u7684\u8fde\u63a5\u8fdb\u884c\u901a\u4fe1\u3002\r\n\r\nSiemens SiPass integrated\u5b58\u5728\u51ed\u8bc1\u83b7\u53d6\u6f0f\u6d1e\uff0c\u5177\u6709\u672c\u5730\u8bbf\u95eeSiPass\u96c6\u6210\u670d\u52a1\u5668\u6216SiPass\u96c6\u6210\u5ba2\u6237\u7aef\u7684\u653b\u51fb\u8005\u53ef\u80fd\u4ece\u7cfb\u7edf\u83b7\u53d6\u51ed\u636e\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\nhttps://www.siemens.com/cert/advisories/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14601",
  "openTime": "2017-07-15",
  "patchDescription": "SiPass server\u662fSiPass\u96c6\u4e2d\u8bbf\u95ee\u63a7\u5236\u7cfb\u7edf\u7684\u7ec4\u4ef6\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u7684\u8fde\u63a5\u8fdb\u884c\u901a\u4fe1\u3002\r\n\r\nSiemens SiPass integrated\u5b58\u5728\u51ed\u8bc1\u83b7\u53d6\u6f0f\u6d1e\uff0c\u5177\u6709\u672c\u5730\u8bbf\u95eeSiPass\u96c6\u6210\u670d\u52a1\u5668\u6216SiPass\u96c6\u6210\u5ba2\u6237\u7aef\u7684\u653b\u51fb\u8005\u53ef\u80fd\u4ece\u7cfb\u7edf\u83b7\u53d6\u51ed\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SiPass integrated\u51ed\u8bc1\u83b7\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Siemens SiPass integrated \u003c2.70"
  },
  "referenceLink": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-13",
  "title": "Siemens SiPass integrated\u51ed\u8bc1\u83b7\u53d6\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-9942 (GCVE-0-2017-9942)

GSD-2017-9942

GHSA-3877-QFCM-54MW

CERTFR-2017-AVI-213

Solution

FKIE_CVE-2017-9942

CNVD-2017-14601

Tags

Sightings

Nomenclature