CVE-2017-6867

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.

CVSS v3 4.9 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/98368	Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:simatic_wincc:7.3:::::::*
	cpe:2.3:a:siemens:simatic_wincc:7.4:::::::*
	cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):13:sp1:::professional:::*
	cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):14::::professional:::
	cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:::professional:::*
	cpe:2.3:a:siemens:simatic_wincc_runtime:14::::professional:::

History

No history.

Information

Published : 2017-05-11 10:29

Updated : 2023-12-10 12:01

NVD link : CVE-2017-6867

Mitre link : CVE-2017-6867

CVE.ORG link : CVE-2017-6867

JSON object : View

Products Affected

siemens

simatic_wincc_\(tia_portal\)
simatic_wincc
simatic_wincc_runtime

CWE

CWE-20

Improper Input Validation

CWE-787

Out-of-bounds Write

{"id": "CVE-2017-6867", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2017-05-11T10:29:00.260", "references": [{"url": "http://www.securityfocus.com/bid/98368", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf", "source": "productcert@siemens.com"}, {"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en SIMATIC WinCC (versi\u00f3n V7.3 anterior a Upd 11 y versi\u00f3n V7.4 anterior a SP1), SIMATIC WinCC Runtime Professional (versi\u00f3n V13 anterior a SP2 y versi\u00f3n V14 anterior a SP1), SIMATIC WinCC (TIA Portal) Professional (versi\u00f3n V13 anterior a SP2 y versi\u00f3n V14 anterior a SP1) de Siemens, eso podr\u00eda permitir a un atacante remoto autenticado, quien es miembro del grupo de los \"administrators\" bloquear los servicios enviando mensajes especialmente dise\u00f1ados a la interfaz DCOM."}], "lastModified": "2018-06-14T01:29:31.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D6229A2-9B8E-4F76-8425-589D2CE58B16"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F64B795A-7E66-49AE-BE40-E8EEAC12D280"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):13:sp1:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "F8FA6B17-FA61-44FC-BAA7-AAC63ECBD996"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):14:*:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "B0E21465-76ED-4803-A40A-539500B993F9"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "57CE0216-AA81-416B-88D2-3321D2A2A16D"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime:14:*:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "D8893E54-CF26-448A-9C32-90E5F8D8CC84"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}