CVE-2018-13799 - OpenCVE

A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Simatic Wincc Open Architecture

Configuration 1 [-]

cpe:2.3:o:siemens:simatic_wincc_open_architecture:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105332
https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2018-09-12T14:00:00Z

Updated: 2024-09-16T17:38:43.166Z

Reserved: 2018-07-10T00:00:00

Link: CVE-2018-13799

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-09-12T13:29:00.907

Modified: 2019-10-09T23:34:31.967

Link: CVE-2018-13799

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SIMATIC WinCC OA V3.14 and prior", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "SIMATIC WinCC OA V3.14 and prior : All versions < V3.14-P021"}]}], "datePublic": "2018-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-13T09:57:01", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"name": "105332", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105332"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "DATE_PUBLIC": "2018-09-11T00:00:00", "ID": "CVE-2018-13799", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SIMATIC WinCC OA V3.14 and prior", "version": {"version_data": [{"version_value": "SIMATIC WinCC OA V3.14 and prior : All versions < V3.14-P021"}]}}]}, "vendor_name": "Siemens AG"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269: Improper Privilege Management"}]}]}, "references": {"reference_data": [{"name": "105332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105332"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:14:47.217Z"}, "title": "CVE Program Container", "references": [{"name": "105332", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105332"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2018-13799", "datePublished": "2018-09-12T14:00:00Z", "dateReserved": "2018-07-10T00:00:00", "dateUpdated": "2024-09-16T17:38:43.166Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:*:*:*:*:*:*:*:*", "matchCriteriaId": "916366C7-71F1-49B2-9153-47A1DC9FCCFB", "versionEndIncluding": "3.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC WinCC OA V3.14 y anteriores (todas las versiones anteriores a la V3.14-P021). El control de acceso incorrecto a un punto de datos del producto afectado podr\u00eda permitir que un usuario remoto no autenticado escale sus privilegios en el contexto de SIMATIC WinCC OA V3.14. Esta vulnerabilidad podr\u00eda ser explotada por un atacante con acceso de red al puerto 5678/TCP del servidor SIMATIC WinCC OA V3.14. Su explotaci\u00f3n con \u00e9xito no requiere privilegios de usuario ni interacci\u00f3n. Esta vulnerabilidad podr\u00eda permitir que un atacante comprometa la integridad y disponibilidad del sistema SIMATIC WinCC OA. En el momento de la publicaci\u00f3n del advisory, no se conoce ninguna explotaci\u00f3n p\u00fablica de la vulnerabilidad."}], "id": "CVE-2018-13799", "lastModified": "2019-10-09T23:34:31.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-12T13:29:00.907", "references": [{"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105332"}, {"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "productcert@siemens.com", "type": "Secondary"}]}