CVE-2012-3015

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf	Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:simatic_pcs7::sp3::::::*
	cpe:2.3:a:siemens:simatic_step_7::::::::

History

No history.

Information

Published : 2012-07-26 10:41

Updated : 2012-07-30 04:00

NVD link : CVE-2012-3015

Mitre link : CVE-2012-3015

CVE.ORG link : CVE-2012-3015

JSON object : View

Products Affected

siemens

simatic_step_7
simatic_pcs7

CWE

NVD-CWE-Other

{"id": "CVE-2012-3015", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-07-26T10:41:47.980", "references": [{"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder."}, {"lang": "es", "value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en Siemens SIMATIC STEP7 v5.5 SP1, tal como se utilizan en SIMATIC PCS7 v7.1 Service Pack 3 y productos anteriores y de otro tipo, permite a usuarios locales conseguir privilegios a trav\u00e9s de un DLL troyano en una carpeta de proyecto de STEP7.\r\n"}], "lastModified": "2012-07-30T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27E6D609-BFD5-46D2-BA2F-156DBD5BF38B", "versionEndIncluding": "7.1"}, {"criteria": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "640B7EFA-E1BD-4350-A995-FD235F62A27F", "versionEndIncluding": "5.5"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "sourceIdentifier": "ics-cert@hq.dhs.gov"}