Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-10930

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.

Published

2019-07-11T22:15:11.560

Last Modified

2024-11-21T04:20:10.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-552
Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	digsi_5_engineering_software	7.90	Yes
Application	siemens	siprotec_5_digsi_device_driver	7.90	Yes
Hardware	siemens	6md85	-	No
Hardware	siemens	6md86	-	No
Hardware	siemens	6md89	-	No
Hardware	siemens	7sa82	-	No
Hardware	siemens	7sa86	-	No
Hardware	siemens	7sa87	-	No
Hardware	siemens	7sd82	-	No
Hardware	siemens	7sd86	-	No
Hardware	siemens	7sd87	-	No
Hardware	siemens	7sj82	-	No
Hardware	siemens	7sj85	-	No
Hardware	siemens	7sj86	-	No
Hardware	siemens	7sk82	-	No
Hardware	siemens	7sk85	-	No
Hardware	siemens	7sl82	-	No
Hardware	siemens	7sl86	-	No
Hardware	siemens	7sl87	-	No
Hardware	siemens	7um85	-	No
Hardware	siemens	7ut82	-	No
Hardware	siemens	7ut85	-	No
Hardware	siemens	7ut86	-	No
Hardware	siemens	7ut87	-	No
Hardware	siemens	7ve85	-	No
Hardware	siemens	7vk87	-	No

References

https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)