CVE-2016-5743 - OpenCVE

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Simatic Batch Simatic Pcs 7 Simatic Wincc Runtime Professional Simatic Wincc Simatic Openpcs 7

Configuration 1 [-]

AND

OR	cpe:2.3:a:siemens:simatic_batch::::::::
	cpe:2.3:a:siemens:simatic_wincc::::::::
	cpe:2.3:a:siemens:simatic_wincc::::::::

cpe:2.3:a:siemens:simatic_pcs_7:*:sp1:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:siemens:simatic_openpcs_7:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_pcs_7:*:sp1:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:siemens:simatic_openpcs_7:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:siemens:simatic_pcs_7::::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_professional::sp1::::::*

References

Link	Resource
http://www.securityfocus.com/bid/92112	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036441	Third Party Advisory VDB Entry
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf	Mitigation Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-07-22T15:00:00

Updated: 2016-11-25T20:57:01

Reserved: 2016-06-22T00:00:00

Link: CVE-2016-5743

JSON object: View

NVD Information

Status : Modified

Published: 2016-07-22T15:59:00.147

Modified: 2016-11-28T20:29:09.843

Link: CVE-2016-5743

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-22T00:00:00", "descriptions": [{"lang": "en", "value": "Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1036441", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036441"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf"}, {"name": "92112", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92112"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-5743", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1036441", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036441"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01"}, {"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf"}, {"name": "92112", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92112"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-5743", "datePublished": "2016-07-22T15:00:00", "dateReserved": "2016-06-22T00:00:00", "dateUpdated": "2016-11-25T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_batch:*:*:*:*:*:*:*:*", "matchCriteriaId": "640FFC01-A0B7-466F-AE23-4BAEAADA4D7C", "versionEndIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*", "matchCriteriaId": "441E574D-1A66-4D8B-A0C5-4CC03E1D89D1", "versionEndIncluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA2E9785-246F-496B-9139-02E2F4003352", "versionEndIncluding": "7.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "9B434F8E-7E14-4D76-AC55-A15EF8EC10FB", "versionEndIncluding": "8.1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_openpcs_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "E38B1737-F40A-4278-8687-6928AE03B0C0", "versionEndIncluding": "8.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "9B434F8E-7E14-4D76-AC55-A15EF8EC10FB", "versionEndIncluding": "8.1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_openpcs_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A18AA81-7FC3-4977-AFC9-77920845C8B8", "versionEndIncluding": "8.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B62697B-2F75-44EA-A1F8-14BF9D1F99CC", "versionEndIncluding": "8.2", "vulnerable": false}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "7F133189-C3AB-4FFD-9B5C-F181CFE50671", "versionEndIncluding": "13", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets."}, {"lang": "es", "value": "Siemens SIMATIC WinCC en versiones anteriores a 7.3 Update 10 y 7.4 en versiones anteriores a Update 1, SIMATIC BATCH en versiones anteriores a 8.1 SP1 Update 9 seg\u00fan se distribuye en SIMATIC PCS 7 hasta la versi\u00f3n 8.1 SP1, SIMATIC OpenPCS 7 en versiones anteriores a 8.1 Update 3 seg\u00fan se distribuye en SIMATIC PCS 7 hasta la versi\u00f3n 8.1 SP1, SIMATIC OpenPCS 7 en versiones anteriores a 8.2 Update 1 seg\u00fan se distribuye en SIMATIC PCS 7 8.2 y SIMATIC WinCC Runtime Professional en versiones anteriores a 13 SP1 Update 9 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes manipulados."}], "id": "CVE-2016-5743", "lastModified": "2016-11-28T20:29:09.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-22T15:59:00.147", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92112"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036441"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf"}, {"source": "cve@mitre.org", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}