Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-13799
HistorySep 12, 2018 - 1:29 p.m.

CVE-2018-13799

2018-09-1213:29:00
CWE-269
[email protected]
web.nvd.nist.gov
33
cve-2018-13799
vulnerability
simatic wincc oa
access control
escalation
network security
nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.2%

JSON

A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known.

Affected configurations

NVD
Node
siemenssimatic_wincc_open_architectureRange3.14

CNA Affected

[
  {
    "product": "SIMATIC WinCC OA V3.14 and prior",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "SIMATIC WinCC OA V3.14 and prior : All versions < V3.14-P021"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
ics 1
prion 1
cvelist
cvelist
CVE-2018-13799
2018-09-11 00:00:00
nvd
nvd
CVE-2018-13799
2018-09-12 13:29:00
ics
ics
Siemens SIMATIC WinCC OA
2018-09-11 12:00:00
prion
prion
Improper access control
2018-09-12 13:29:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.2%

JSON
Related for CVE-2018-13799
cvelist1nvd1ics1prion1