All the vulnerabilites related to Siemens - SCALANCE X-414-3E
var-201906-0210
Vulnerability from variot
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. plural SCALANCE The product contains vulnerabilities related to certificate and password management.Information may be obtained. SiemensSCALANCEXswitches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). A local information disclosure vulnerability exists in SiemensSCALANCEXSwitches. Local attackers can exploit vulnerabilities to obtain sensitive information. Siemens SCALANCE X Switches are prone to an local information-disclosure vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. A trust management issue vulnerability exists in several Siemens products due to the program storing passwords in a recoverable format
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0210",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance x-200",
"scope": "lt",
"trust": 1.8,
"vendor": "siemens",
"version": "5.2.4"
},
{
"model": "scalance x-414-3e",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x-300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x-414-3e",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x-200irt",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x200 irt",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x300",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x-300"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x-200\u003cv5.2.4"
},
{
"model": "scalance x-200irt",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x-414-3e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x-3000"
},
{
"model": "scalance x-200irt",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x-2005.2.3"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x-2004.5"
},
{
"model": "scalance",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "x-2005.2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x 200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x 200irt",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x 300",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x 414 3e",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-17149"
},
{
"db": "BID",
"id": "108726"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005572"
},
{
"db": "NVD",
"id": "CVE-2019-6567"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x-414-3e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x-414-3e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6567"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Christopher Wade from Pen Test Partners,Siemens thanks Christopher Wade from Pen Test Partners for coordinated disclosure. Siemens reported this vulnerability to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-517"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6567",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6567",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-17149",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-158002",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6567",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6567",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-17149",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-517",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158002",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-17149"
},
{
"db": "VULHUB",
"id": "VHN-158002"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005572"
},
{
"db": "NVD",
"id": "CVE-2019-6567"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-517"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions \u003c V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. plural SCALANCE The product contains vulnerabilities related to certificate and password management.Information may be obtained. SiemensSCALANCEXswitches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). A local information disclosure vulnerability exists in SiemensSCALANCEXSwitches. Local attackers can exploit vulnerabilities to obtain sensitive information. Siemens SCALANCE X Switches are prone to an local information-disclosure vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. A trust management issue vulnerability exists in several Siemens products due to the program storing passwords in a recoverable format",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6567"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005572"
},
{
"db": "CNVD",
"id": "CNVD-2019-17149"
},
{
"db": "BID",
"id": "108726"
},
{
"db": "IVD",
"id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6"
},
{
"db": "VULHUB",
"id": "VHN-158002"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6567",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-646841",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-162-04",
"trust": 1.7
},
{
"db": "BID",
"id": "108726",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201906-517",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-17149",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005572",
"trust": 0.8
},
{
"db": "IVD",
"id": "837D970C-B3A2-4F6A-AA55-5BFC45DCB3B6",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158002",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-17149"
},
{
"db": "VULHUB",
"id": "VHN-158002"
},
{
"db": "BID",
"id": "108726"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005572"
},
{
"db": "NVD",
"id": "CVE-2019-6567"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-517"
}
]
},
"id": "VAR-201906-0210",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-17149"
},
{
"db": "VULHUB",
"id": "VHN-158002"
}
],
"trust": 1.4816919199999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-17149"
}
]
},
"last_update_date": "2023-12-18T12:17:57.698000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-646841",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf"
},
{
"title": "Patch for SiemensSCALANCEXSwitches Local Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/163431"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17149"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005572"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158002"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005572"
},
{
"db": "NVD",
"id": "CVE-2019-6567"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-162-04"
},
{
"trust": 0.9,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-162-04"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6567"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6567"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/108726"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-162-04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17149"
},
{
"db": "VULHUB",
"id": "VHN-158002"
},
{
"db": "BID",
"id": "108726"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005572"
},
{
"db": "NVD",
"id": "CVE-2019-6567"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-517"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-17149"
},
{
"db": "VULHUB",
"id": "VHN-158002"
},
{
"db": "BID",
"id": "108726"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005572"
},
{
"db": "NVD",
"id": "CVE-2019-6567"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-517"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "IVD",
"id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6"
},
{
"date": "2019-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17149"
},
{
"date": "2019-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-158002"
},
{
"date": "2019-06-11T00:00:00",
"db": "BID",
"id": "108726"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005572"
},
{
"date": "2019-06-12T14:29:04.820000",
"db": "NVD",
"id": "CVE-2019-6567"
},
{
"date": "2019-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-517"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17149"
},
{
"date": "2020-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-158002"
},
{
"date": "2019-06-11T00:00:00",
"db": "BID",
"id": "108726"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005572"
},
{
"date": "2021-02-09T18:15:16.183000",
"db": "NVD",
"id": "CVE-2019-6567"
},
{
"date": "2021-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-517"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "108726"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-517"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SCALANCE X Switches Local Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6"
},
{
"db": "CNVD",
"id": "CNVD-2019-17149"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-517"
}
],
"trust": 0.6
}
}
cve-2019-6567
Vulnerability from cvelistv5
Published
2019-06-12 13:47
Modified
2024-08-04 20:23
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c V5.2.4"
}
]
},
{
"product": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X-414-3E",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions \u003c V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257: Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T15:38:17",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-6567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All Versions \u003c V5.2.4"
}
]
}
},
{
"product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.3"
}
]
}
},
{
"product_name": "SCALANCE X-414-3E",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions \u003c V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-257: Storing Passwords in a Recoverable Format"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-6567",
"datePublished": "2019-06-12T13:47:56",
"dateReserved": "2019-01-22T00:00:00",
"dateUpdated": "2024-08-04T20:23:22.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}