Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-13804

Опубликовано: 13 дек. 2018
Источник: nvd
CVSS3: 8.1
CVSS2: 9.3
EPSS Низкий

Описание

A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.4). An attacker with network access to the installation could bypass the application-level authentication. In order to exploit the vulnerability, an attacker must obtain network access to an affected installation and must obtain a valid username to the system. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:simatic_it_line_monitoring_system:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_it_production_suite:v7.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing:*:*:*:*:*:*:*:*
Версия до v1.2 (включая)
cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing:v1.3:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing:v2.3:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing:v2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 87%
0.03384
Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-287
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-hf5v-q9xg-wmjx

CVSS3: 8.1
github
больше 3 лет назад

A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.4). An attacker with network access to the installation could bypass the application-level authentication. In order to exploit the vulnerability, an attacker must obtain network access to an affected installation and must obtain a valid username to the system. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.

fstec логотип

BDU:2019-00120

CVSS3: 7.7
fstec
около 7 лет назад

Уязвимость в программном обеспечении Simatic IT, связанная с недостатками механизмов аутентификации, позволяющая нарушителю обойти проверку подлинности на уровне приложений

EPSS

Процентиль: 87%
0.03384
Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-287
NVD-CWE-noinfo