CVE-2016-10041

{"id": "CVE-2016-10041", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2016-12-25T07:59:00.157", "references": [{"url": "http://www.securityfocus.com/bid/95296", "source": "cve@mitre.org"}, {"url": "https://www.sprecher-automation.com/en/it-security/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/95296", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sprecher-automation.com/en/it-security/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, validly authenticated and authorized as administrator, and executed telegram simulation. After that, the online-connection must have been closed. Incorrect caching of client data then may lead to privilege escalation, where a subsequently acting non-admin user is permitted to do telegram simulation. In order to exploit this vulnerability, a potential attacker would need to have both a valid engineering-account in the SPRECON RBAC system as well as access to a service/maintenance computer with SPRECON-E Service Program running. Additionally, a valid admin-user must have closed the service connection beforehand without closing the program, having executed telegram simulation; the attacker then has access to the running software instance. Hence, there is no risk from external attackers."}, {"lang": "es", "value": "Un problema fue descubierto en Sprecher Automation SPRECON-E Service Program en versiones anteriores a 3.43 SP0. Bajo ciertas precondiciones, es posible ejecutar la simulaci\u00f3n de telegramas como un usuario no administrador. Como prerrequisitos, un usuario debe haber creado una conexi\u00f3n en l\u00ednea, v\u00e1lidamente autenticado y autorizado como administrador, y ejecutado la simulaci\u00f3n de telegrama. Despu\u00e9s de eso, la conexi\u00f3n en l\u00ednea debe haber sido cerrada. El almacenamiento en cach\u00e9 de los datos de un cliente incorrecto puede conducir a una escalada de privilegios, donde se permite a un usuario que no es administrador actuar posteriormente para hacer una simulaci\u00f3n de telegrama. Para explotar esta vulnerabilidad, un atacante potencial podr\u00eda necesitar tener ambos una cuenta de ingenier\u00eda v\u00e1lida en el sistema SPRECON RBAC as\u00ed como acceso a un ordenador de servicio/mantenimiento ejecutando SPRECON-E Service Program. Adem\u00e1s, un usuario administrador v\u00e1lido debe haber cerrado la conexi\u00f3n de servicio de antemano sin cerrar el programa, habiendo ejecutado la simulaci\u00f3n de telegrama; el atacante entonces tiene acceso a la instancia de software en ejecuci\u00f3n. Por lo tanto, no hay riesgo de atacantes externos."}], "lastModified": "2024-11-21T02:43:08.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sprecher-automation:sprecon-e_service_program:3.42:sp0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28D04F30-6D16-46C1-A1D5-FFCF8F255692"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}