The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SIMATIC

computer vulnerability alert CVE-2016-9160

SIMATIC WinCC, PCS 7: out-of-bounds memory reading via ActiveX

Synthesis of the vulnerability

An attacker can force a read at an invalid address via the ActiveX component of SIMATIC WinCC, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Creation date: 09/12/2016.
Identifiers: CERTFR-2016-AVI-405, CVE-2016-9160, SSA-693129, VIGILANCE-VUL-21346.

Description of the vulnerability

The SIMATIC WinCC product, included in PCS 7, offers a web service.

However, it tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address via the ActiveX component of SIMATIC WinCC, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-9158 CVE-2016-9159

SIMATIC S7: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC S7.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/12/2016.
Identifiers: CERTFR-2016-AVI-405, CVE-2016-9158, CVE-2016-9159, SSA-731239, VIGILANCE-VUL-21345.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC S7.

An attacker can send malicious HTTP packets, in order to trigger a denial of service. [severity:2/4; CVE-2016-9158]

An attacker can bypass security features via ISO-TSAP, in order to escalate his privileges. [severity:2/4; CVE-2016-9159]

vulnerability alert CVE-2016-8672 CVE-2016-8673

SIMATIC CP/S7: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC CP/S7.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 22/11/2016.
Identifiers: CVE-2016-8672, CVE-2016-8673, SSA-603476, VIGILANCE-VUL-21171.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC CP/S7.

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; CVE-2016-8673]

An attacker can bypass security features via Cookies, in order to obtain sensitive information. [severity:2/4; CVE-2016-8672]

An attacker can act as a Man-in-the-Middle via IKEv1 Cipher Suite, in order to read or write data in the session. [severity:2/4]

computer vulnerability bulletin CVE-2016-8561 CVE-2016-8562

SIMATIC CP 1543-1: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC CP 1543-1.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/11/2016.
Identifiers: CERTFR-2016-AVI-384, CVE-2016-8561, CVE-2016-8562, SSA-672373, VIGILANCE-VUL-21158.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC CP 1543-1.

An attacker can bypass security features via TIA-Portal, in order to escalate his privileges. [severity:2/4; CVE-2016-8561]

An attacker can write variables via SNMP, in order to trigger a denial of service. [severity:2/4; CVE-2016-8562]

computer vulnerability note CVE-2016-7165

Siemens SIMATIC: privilege escalation via Windows

Synthesis of the vulnerability

An attacker can bypass restrictions via Windows of Siemens SIMATIC, in order to escalate his privileges.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 08/11/2016.
Identifiers: CERTFR-2016-AVI-369, CVE-2016-7165, SSA-701708, VIGILANCE-VUL-21059.

Description of the vulnerability

An attacker can bypass restrictions via Windows of Siemens SIMATIC, in order to escalate his privileges. The vulnerability exists only if the program has been installed in a different folder than the default one.

computer vulnerability CVE-2016-7959 CVE-2016-7960

SIMATIC STEP 7: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC STEP 7.
Impacted products: SIMATIC.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/10/2016.
Identifiers: CERTFR-2016-AVI-347, CVE-2016-7959, CVE-2016-7960, SSA-869766, VIGILANCE-VUL-20845.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC STEP 7.

A local attacker can perform a brute-force attack, in order to obtain sensitive information about machine-to-machine communication. [severity:1/4; CVE-2016-7959]

An attacker can bypass security features via TIA Portal Project File, in order to obtain sensitive information. [severity:1/4; CVE-2016-7960]

vulnerability bulletin CVE-2016-2183 CVE-2016-6329

Blowfish, Triple-DES: algorithms too weak, SWEET32

Synthesis of the vulnerability

An attacker can create a TLS/VPN session using a Blowfish or Triple-DES cipher, and perform a two-day attack, in order to decrypt data.
Impacted products: Avaya Ethernet Routing Switch, Blue Coat CAS, ProxySG by Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, Avamar, VNX Operating Environment, VNX Series, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeRADIUS, hMailServer, HPE BSM, LoadRunner, HP Operations, Performance Center, Real User Monitoring, SiteScope, HP Switch, HP-UX, AIX, DB2 UDB, Informix Server, IRAD, Security Directory Server, Tivoli Directory Server, Tivoli Storage Manager, Tivoli System Automation, WebSphere MQ, Junos Space, McAfee Email Gateway, ePO, Data ONTAP 7-Mode, Snap Creator Framework, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, SIMATIC, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/08/2016.
Identifiers: 1610582, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1994375, 1995099, 1995922, 1998797, 1999054, 1999421, 2000209, 2000212, 2000370, 2000544, 2001608, 2002021, 2002335, 2002336, 2002479, 2002537, 2002870, 2002897, 2002991, 2003145, 2003480, 2003620, 2003673, 2004036, 2008828, 523628, 9010102, bulletinapr2017, c05349499, c05369403, c05369415, c05390849, CERTFR-2017-AVI-012, CERTFR-2019-AVI-049, CERTFR-2019-AVI-311, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpujul2017, cpujul2019, cpuoct2017, CVE-2016-2183, CVE-2016-6329, DSA-2018-124, DSA-2019-131, DSA-3673-1, DSA-3673-2, FEDORA-2016-7810e24465, FEDORA-2016-dc2cb4ad6b, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FG-IR-17-173, HPESBGN03697, HPESBGN03765, HPESBUX03725, HPSBGN03690, HPSBGN03694, HPSBHF03674, ibm10718843, java_jan2017_advisory, JSA10770, KM03060544, NTAP-20160915-0001, openSUSE-SU-2016:2199-1, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2017:1638-1, openSUSE-SU-2018:0458-1, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3239-01, RHSA-2017:3240-01, RHSA-2018:2123-01, SA133, SA40312, SB10171, SB10186, SB10197, SB10215, SOL13167034, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SSA:2016-363-01, SSA-556833, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, SUSE-SU-2017:1444-1, SUSE-SU-2017:2838-1, SUSE-SU-2017:3177-1, SWEET32, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3270-1, USN-3339-1, USN-3339-2, USN-3372-1, VIGILANCE-VUL-20473.

Description of the vulnerability

The Blowfish and Triple-DES symmetric encryption algorithms use 64-bit blocks.

However, when they are used in CBC mode, a block collision occurs after 785 GB have been transferred, and it is then possible to decrypt blocks with an attack lasting two days.

An attacker can therefore create a TLS/VPN session using a Blowfish or Triple-DES cipher, and perform a two-day attack, in order to decrypt data.

computer vulnerability announce CVE-2016-5874

SIMATIC NET PC-Software: denial of service via OPC-UA

Synthesis of the vulnerability

An attacker can send a malicious OPC-UA packet to SIMATIC NET PC-Software, in order to trigger a denial of service.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 25/07/2016.
Identifiers: CERTFR-2016-AVI-250, CVE-2016-5874, SSA-453276, VIGILANCE-VUL-20207.

Description of the vulnerability

The SIMATIC NET PC-Software product has a service to manage received OPC-UA packets on ports 55101-55105/tcp, 4845/tcp, and 4847-4850/tcp.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious OPC-UA packet to SIMATIC NET PC-Software, in order to trigger a denial of service.

computer vulnerability alert CVE-2016-5743 CVE-2016-5744

SIMATIC WinCC: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC WinCC.
Impacted products: SIMATIC.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/07/2016.
Identifiers: CERTFR-2016-AVI-250, CVE-2016-5743, CVE-2016-5744, SSA-378531, VIGILANCE-VUL-20206.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC WinCC.

An attacker can send a packet, in order to run code. [severity:3/4; CVE-2016-5743]

An attacker can traverse directories, in order to read a file outside the root path. [severity:2/4; CVE-2016-5744]

computer vulnerability bulletin CVE-2016-3949

SIMATIC S7-300: denial of service via ISO-TSAP/Profibus

Synthesis of the vulnerability

An attacker can send a malicious ISO-TSAP/Profibus packet to SIMATIC S7-300, in order to trigger a denial of service.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 09/06/2016.
Identifiers: CERTFR-2016-AVI-196, CVE-2016-3949, SSA-818183, VIGILANCE-VUL-19848.

Description of the vulnerability

The SIMATIC S7-300 product has a service to manage received ISO-TSAP/Profibus packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious ISO-TSAP/Profibus packet to SIMATIC S7-300, in order to trigger a denial of service.