NVD Vulnerability Detail

CVE-2018-13804

Summary	A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.4). An attacker with network access to the installation could bypass the application-level authentication. In order to exploit the vulnerability, an attacker must obtain network access to an affected installation and must obtain a valid username to the system. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.
Publication Date	Dec. 14, 2018, 1:29 a.m.
Registration Date	March 1, 2021, 6:55 p.m.
Last Update	Nov. 21, 2024, 12:48 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing:v1.3:::::::*
cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing::::::::		v1.2
cpe:2.3:a:siemens:simatic_it_production_suite:v7.1:::::::*
cpe:2.3:a:siemens:simatic_it_line_monitoring_system::::::::
cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing:v2.4:::::::*
cpe:2.3:a:siemens:simatic_it_ua_discrete_manufacturing:v2.3:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/105924	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/105924	Third Party Advisory VDB Entry
3	https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdf	Vendor Advisory
4	https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdf	Vendor Advisory

Common Vulnerabilities List

JVN Vulnerability Information

複数の SIMATIC 製品におけるアクセス制御に関する脆弱性

Title	複数の SIMATIC 製品におけるアクセス制御に関する脆弱性
Summary	SIMATIC IT LMS、SIMATIC IT Production Suite、SIMATIC IT UA Discrete Manufacturing には、アクセス制御に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 13, 2018, midnight
Registration Date	March 25, 2019, 3:03 p.m.
Last Update	March 29, 2019, 11:10 a.m.

Affected System

シーメンス

SIMATIC IT LMS

SIMATIC IT Production Suite 7.1 Upd3 未満の 7.1

SIMATIC IT UA Discrete Manufacturing 1.2 およびそれ以前

SIMATIC IT UA Discrete Manufacturing 1.3

SIMATIC IT UA Discrete Manufacturing 2.3

SIMATIC IT UA Discrete Manufacturing 2.4

SIMATIC IT UA Discrete Manufacturing 1.2 およびそれ以前

SIMATIC IT UA Discrete Manufacturing 1.3

SIMATIC IT UA Discrete Manufacturing 2.3

SIMATIC IT UA Discrete Manufacturing 2.4

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-13804	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13804
2	CVE-2018-13804	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13804
National Vulnerability Database (NVD)
3	CVE-2018-13804	https://nvd.nist.gov/vuln/detail/CVE-2018-13804
4	CVE-2018-13804	https://nvd.nist.gov/vuln/detail/CVE-2018-13804

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-284	https://cwe.mitre.org/data/definitions/284.html
2	CWE-284	https://cwe.mitre.org/data/definitions/284.html

ベンダー情報

No	Name	URL
Siemens Security Advisory
1	SSA-886615	https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdf
2	SSA-886615	https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdf

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-18-317-07	https://ics-cert.us-cert.gov/advisories/ICSA-18-317-07
2	ICSA-18-317-07	https://ics-cert.us-cert.gov/advisories/ICSA-18-317-07

Change Log

No	Changed Details	Date of change
1	[2019年03月25日] 掲載	March 25, 2019, 3:03 p.m.
2	[2019年03月29日] 参考情報：ICS-CERT ADVISORY (ICSA-18-317-07) を追加	March 29, 2019, 11:08 a.m.