CVE-2017-6867 - OpenCVE

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Simatic Wincc Simatic Wincc \(tia Portal\) Simatic Wincc Runtime

Configuration 1 [-]

OR	cpe:2.3:a:siemens:simatic_wincc:7.3:::::::*
	cpe:2.3:a:siemens:simatic_wincc:7.4:::::::*
	cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):13:sp1:::professional:::*
	cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):14::::professional:::
	cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:::professional:::*
	cpe:2.3:a:siemens:simatic_wincc_runtime:14::::professional:::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/98368
https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2017-05-11T10:00:00

Updated: 2024-08-05T15:41:17.675Z

Reserved: 2017-03-13T00:00:00

Link: CVE-2017-6867

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-05-11T10:29:00.260

Modified: 2018-06-14T01:29:31.133

Link: CVE-2017-6867

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Siemens SIMATIC WinCC", "vendor": "n/a", "versions": [{"status": "affected", "version": "Siemens SIMATIC WinCC"}]}], "datePublic": "2017-05-10T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-13T09:57:01", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"name": "98368", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98368"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2017-6867", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Siemens SIMATIC WinCC", "version": {"version_data": [{"version_value": "Siemens SIMATIC WinCC"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787: Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "98368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98368"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"}, {"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf", "refsource": "CONFIRM", "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:41:17.675Z"}, "title": "CVE Program Container", "references": [{"name": "98368", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98368"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2017-6867", "datePublished": "2017-05-11T10:00:00", "dateReserved": "2017-03-13T00:00:00", "dateUpdated": "2024-08-05T15:41:17.675Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D6229A2-9B8E-4F76-8425-589D2CE58B16", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F64B795A-7E66-49AE-BE40-E8EEAC12D280", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):13:sp1:*:*:professional:*:*:*", "matchCriteriaId": "F8FA6B17-FA61-44FC-BAA7-AAC63ECBD996", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):14:*:*:*:professional:*:*:*", "matchCriteriaId": "B0E21465-76ED-4803-A40A-539500B993F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:*:*:professional:*:*:*", "matchCriteriaId": "57CE0216-AA81-416B-88D2-3321D2A2A16D", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime:14:*:*:*:professional:*:*:*", "matchCriteriaId": "D8893E54-CF26-448A-9C32-90E5F8D8CC84", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en SIMATIC WinCC (versi\u00f3n V7.3 anterior a Upd 11 y versi\u00f3n V7.4 anterior a SP1), SIMATIC WinCC Runtime Professional (versi\u00f3n V13 anterior a SP2 y versi\u00f3n V14 anterior a SP1), SIMATIC WinCC (TIA Portal) Professional (versi\u00f3n V13 anterior a SP2 y versi\u00f3n V14 anterior a SP1) de Siemens, eso podr\u00eda permitir a un atacante remoto autenticado, quien es miembro del grupo de los \"administrators\" bloquear los servicios enviando mensajes especialmente dise\u00f1ados a la interfaz DCOM."}], "id": "CVE-2017-6867", "lastModified": "2018-06-14T01:29:31.133", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-11T10:29:00.260", "references": [{"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98368"}, {"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"}, {"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "productcert@siemens.com", "type": "Secondary"}]}