Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-10925

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials, but no user interaction are required. Successful exploitation compromises integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Published

2019-06-12T14:29:04.477

Last Modified

2024-11-21T04:20:09.977

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-284
  • Type: Secondary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System siemens simatic_mv420_firmware * Yes
Hardware siemens simatic_mv420 - No
Operating System siemens simatic_mv440_firmware * Yes
Hardware siemens simatic_mv440 - No
References