All the vulnerabilites related to Siemens AG - Siemens Power Meters Series 9810
cve-2019-10938
Vulnerability from cvelistv5
Published
2019-08-02 13:54
Modified
2024-08-04 22:40
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens AG | SIPROTEC 5 devices with CPU variants CP200 |
Version: All versions < V7.59 |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIPROTEC 5 devices with CPU variants CP200",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.59"
}
]
},
{
"product": "SIPROTEC 5 devices with CPU variants CP300 and CP100",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.01"
}
]
},
{
"product": "Siemens Power Meters Series 9410",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.2.1"
}
]
},
{
"product": "Siemens Power Meters Series 9810",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions \u003c V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions \u003c V8.01), Siemens Power Meters Series 9410 (All versions \u003c V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T16:17:59",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPROTEC 5 devices with CPU variants CP200",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.59"
}
]
}
},
{
"product_name": "SIPROTEC 5 devices with CPU variants CP300 and CP100",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.01"
}
]
}
},
{
"product_name": "Siemens Power Meters Series 9410",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.2.1"
}
]
}
},
{
"product_name": "Siemens Power Meters Series 9810",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions \u003c V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions \u003c V8.01), Siemens Power Meters Series 9410 (All versions \u003c V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10938",
"datePublished": "2019-08-02T13:54:07",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}