Vulnerabilities > CVE-2021-40363 - File and Directory Information Exposure vulnerability in Siemens Simatic PCS 7 and Simatic Wincc

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

siemens

CWE-538

NVD

Published: 2022-02-09

Updated: 2022-10-06

Summary

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions <= V17 Update 4), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Simatic PCS 7 - Siemens Simatic PCS 7 6.0 Siemens Simatic PCS 7 6.1 Siemens Simatic PCS 7 7.0 Siemens Simatic PCS 7 7.1 Siemens Simatic PCS 7 8.0 Siemens Simatic PCS 7 8.1 Siemens Simatic PCS 7 8.2 Siemens Simatic PCS 7 9.0 Siemens Simatic PCS 7 9.1 Siemens Simatic Wincc 7.4 Siemens Simatic Wincc 14.0.1 Siemens Simatic Wincc 13 Siemens Simatic Wincc 7.5 Siemens Simatic Wincc - Siemens Simatic Wincc 6.2 Siemens Simatic Wincc 7.0 Siemens Simatic Wincc 7.1 Siemens Simatic Wincc 7.2 Siemens Simatic Wincc 7.3 Siemens Simatic Wincc 15.1 Siemens Simatic Wincc 16 Siemens Simatic Wincc 15 Siemens Simatic Wincc 17	80

Common Weakness Enumeration (CWE)

CWE-538 - File and Directory Information Exposure

Common Attack Pattern Enumeration and Classification (CAPEC)

Footprinting
An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
WSDL Scanning
This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf