Vulnerabilites related to siemens - sinamics_perfect_harmony_gh180
Vulnerability from fkie_nvd
Published
2020-01-16 16:15
Modified
2024-11-21 04:34
Summary
A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore the affected device to a point where predefined application and operating system protection mechanisms are not in place. Successful exploitation requires physical access to the system, but no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentialiy, integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:sinamics_perfect_harmony_gh180_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9792F8C9-51AE-4A5F-B644-5479C78F5202",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:sinamics_perfect_harmony_gh180:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1C86C1E-8320-4C73-80C9-E4257E7A7D31",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore the affected device to a point where predefined application and operating system protection mechanisms are not in place. Successful exploitation requires physical access to the system, but no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentialiy, integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",
      },
      {
         lang: "es",
         value: "Se ha identificado una vulnerabilidad en Unidades SINAMICS PERFECT HARMONY GH180 MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... con la opción A30 (HMIs 12 pulg. o superior) (Todas las versiones), Unidades SINAMICS PERFECT HARMONY GH180 MLFB 6SR325.-.....-.... (Alta Disponibilidad) (Todas las versiones) . El dispositivo afectado contiene una vulnerabilidad que podría permitir a un atacante no autenticado restaurar el dispositivo afectado a un punto donde los mecanismos de protección del sistema operativo y las aplicaciones predefinidas no se encuentren en su lugar. Una explotación con éxito requiere un acceso físico al sistema, pero no privilegios del sistema ni una interacción del usuario. Un atacante podría usar la vulnerabilidad para comprometer la confidencialidad, integridad y disponibilidad del dispositivo. Al momento de la publicación del aviso, no se conocía una explotación pública de esta vulnerabilidad de seguridad.",
      },
   ],
   id: "CVE-2019-19278",
   lastModified: "2024-11-21T04:34:29.100",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "PHYSICAL",
               availabilityImpact: "HIGH",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-16T16:15:17.043",
   references: [
      {
         source: "productcert@siemens.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf",
      },
      {
         source: "productcert@siemens.com",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-04",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-04",
      },
   ],
   sourceIdentifier: "productcert@siemens.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-693",
            },
         ],
         source: "productcert@siemens.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-362",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-13 17:15
Modified
2024-11-21 06:02
Severity ?
Summary
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
Impacted products
Vendor Product Version
windriver vxworks *
siemens ruggedcom_win_subscriber_station_firmware *
siemens ruggedcom_win_subscriber_station -
siemens scalance_x200-4_p_irt_firmware *
siemens scalance_x200-4_p_irt -
siemens scalance_x201-3p_irt_firmware *
siemens scalance_x201-3p_irt -
siemens scalance_x201-3p_irt_pro_firmware *
siemens scalance_x201-3p_irt_pro -
siemens scalance_x202-2_irt_firmware *
siemens scalance_x202-2_irt -
siemens scalance_x202-2p_irt_firmware *
siemens scalance_x202-2p_irt -
siemens scalance_x202-2p_irt_pro_firmware *
siemens scalance_x202-2p_irt_pro -
siemens scalance_x204_irt_firmware *
siemens scalance_x204_irt -
siemens scalance_x204_irt_pro_firmware *
siemens scalance_x204_irt_pro -
siemens scalance_x204-2_firmware *
siemens scalance_x204-2 -
siemens scalance_x204-2fm_firmware *
siemens scalance_x204-2fm -
siemens scalance_x204-2ld_firmware *
siemens scalance_x204-2ld -
siemens scalance_x204-2ld_ts_firmware *
siemens scalance_x204-2ld_ts -
siemens scalance_x204-2ts_firmware *
siemens scalance_x204-2ts -
siemens scalance_x206-1_firmware *
siemens scalance_x206-1 -
siemens scalance_x206-1ld_firmware *
siemens scalance_x206-1ld -
siemens scalance_x208_firmware *
siemens scalance_x208 -
siemens scalance_x208_pro_firmware *
siemens scalance_x208_pro -
siemens scalance_x212-2_firmware *
siemens scalance_x212-2 -
siemens scalance_x212-2ld_firmware *
siemens scalance_x212-2ld -
siemens scalance_x216_firmware *
siemens scalance_x216 -
siemens scalance_x224_firmware *
siemens scalance_x224 -
siemens scalance_x300_firmware *
siemens scalance_x300 -
siemens scalance_x408_firmware *
siemens scalance_x408 -
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_xf201-3p_irt -
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_xf202-2p_irt -
siemens scalance_xf204_firmware *
siemens scalance_xf204 -
siemens scalance_xf204_irt_firmware *
siemens scalance_xf204_irt -
siemens scalance_xf204-2_firmware *
siemens scalance_xf204-2 -
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_xf204-2ba_irt -
siemens scalance_xf206-1_firmware *
siemens scalance_xf206-1 -
siemens scalance_xf208_firmware *
siemens scalance_xf208 -
siemens simatic_rf_181_eip_firmware *
siemens simatic_rf_181_eip -
siemens simatic_rf_182c_firmware *
siemens simatic_rf_182c -
siemens sinamics_perfect_harmony_gh180_firmware *
siemens sinamics_perfect_harmony_gh180 -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "03B0DF42-7A4C-4D11-845C-43FDD54C3E18",
                     versionEndExcluding: "6.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:ruggedcom_win_subscriber_station_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "789B059C-4E07-44A3-A69F-A77FEC3ED3D2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:ruggedcom_win_subscriber_station:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8442F026-8F07-40C1-8845-460FE87DD16E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x200-4_p_irt_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5402555C-7F00-4CB2-8EB7-8CC678170C58",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x200-4_p_irt:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "73E42E20-18CB-40A7-B6D5-751F26303995",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F45960F-8E24-497B-86D3-40816FDAFCAE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3268CF75-6DAB-416A-B19B-2A8F95C268CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E81C7358-632C-47AC-A2D2-F3C390CC452A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "492E8AC1-338B-4AC3-90C7-1FADCD4528C4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x202-2_irt_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "68AB0A4C-7867-4C50-A500-9D7F00219B5C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x202-2_irt:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "577D1E21-717C-4508-AE91-0BC490C89F85",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11AEF3D6-96B0-431F-A664-E8E281CDA61C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEB62730-E759-455A-A308-F9DB084B35B5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "70610406-76B7-47E6-A389-622074C72617",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4726901-34BF-4F70-80A6-71648A4A29FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204_irt_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "538627CD-9730-4F63-83A8-CA9C447E4766",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204_irt:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BC31F0E-389B-4925-88DE-726F2F0D2A23",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204_irt_pro_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "034BA07A-82E8-49BC-A392-55D617BB52D2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204_irt_pro:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FF096BA-A6F4-46B3-9B9B-7FCEE7E6A6C3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C3DA812-8E86-4C23-B92D-3655575B2676",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E38CE5A4-3EB1-4E93-BEB7-520E08DA6720",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E170F607-8B16-4F54-81E5-97F0D02D1EB7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FCBC784-8EA0-4C6C-B504-DFC164028E4B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DA642A1-6054-48FB-A6B8-8E0859B377D3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BE27611-53E7-4162-8630-5BC334B02E37",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF1A11A6-1ECD-4F41-9175-90E78D097B5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FDEBD6B-6BE4-4FAD-A4E6-BE762595434D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "56885E0C-CF3A-4DBC-87D1-113A2578C641",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FFC1E9-4326-4F41-A86A-C52AB6A9A674",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "72B90335-C0B4-4AB8-89ED-C7DE860871CC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A5BB0F2-DD4C-4AB4-9B8F-B2501B239080",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCC23F70-522C-4963-87C7-9F28D3D2C1E1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DFF7FB7-774B-45ED-8400-951230DF0511",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "697984F9-8A95-42A4-BCA9-D181D849299E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x208:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3B574E2-F7BA-496B-887C-D25F386AA5E1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AF06E74-9DD6-42BF-85FB-CB6A50D25063",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2C9BA52-59BD-49B2-B932-9A364D9E6365",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2620D247-4608-44CF-90B2-1097D98EB067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E716A4E-50A9-4C52-8DA9-098F7506F4B5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1B0864B-8696-42B9-A409-958D879294D3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C08CDEE3-43EB-475E-8571-6E12824714FD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D73D50F-6BC0-47A3-BBCE-51AC3E42E6D7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x216:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0C4BAB5-E161-4B59-8A8C-369C7852A66E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "39963CE4-018F-4229-90BF-F647F4E264AD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x224:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2203895-BC4E-4B2F-9110-C2CD88A121F2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42E2C599-41E1-473A-8E05-011C5DE120D1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3F6299B-D7E3-4750-B016-7DCBC83C2287",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "161EF365-C693-4FFE-97DF-DE96B84B98A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "47F713E4-4B75-476E-BC21-92CA10198AE9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C4E4AA9-CDFF-4742-8680-79711FBE865D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "41614C70-97B4-44C8-A441-530A413A26F9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08E037EF-75CD-4A27-96BC-7DAF113A7BE5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6751FB7D-C72C-4321-B535-5880FE696FC3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "89727F5E-2482-4C47-BAF7-91735B098790",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F1AE867-67B4-4871-BF56-88017533A737",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_xf204_irt_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57808C94-3438-4DA9-9995-6CE2FCA06D59",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_xf204_irt:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25DDF1EB-80E7-491F-A197-1B220E35CDF1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F0D5718-455A-4FE1-B2D4-14CD1A3C4096",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "69285324-4C0B-4BDC-B60D-F653679DD52D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F316894-3BBB-4B72-8636-23868BF557AB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "99E6AFAA-B903-47BB-B0F3-7650B039C0FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D7CC146-F73F-4635-A356-DE0CA8D8DE59",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B40D2EB-5C69-47FA-801B-DC48407D418C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5446CA2B-054C-4804-BBDD-685A8F802FF0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "898613B2-4A9D-44B9-A3FC-4347A2AD7CAB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_rf_181_eip_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B750B38E-EB65-4812-B9AA-33CA3F887B80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_rf_181_eip:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "69DC3D78-6E5C-4623-A416-D135DC978D57",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:simatic_rf_182c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7DFC5CB-F4DF-489E-B438-7FD5E4061DF7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:simatic_rf_182c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0074582F-B557-462A-9A77-13EAE9F8654F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:sinamics_perfect_harmony_gh180_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E22ACA9-EBF1-43D0-ADC2-DA9A965CEDB8",
                     versionEndExcluding: "2022",
                     versionStartIncluding: "2015",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:sinamics_perfect_harmony_gh180:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1C86C1E-8320-4C73-80C9-E4257E7A7D31",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en Wind River VxWorks versiones anteriores a 6.5. Se presenta un posible desbordamiento de la pila en el cliente dhcp",
      },
   ],
   id: "CVE-2021-29998",
   lastModified: "2024-11-21T06:02:08.550",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-13T17:15:12.310",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support2.windriver.com/index.php?page=security-notices",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support2.windriver.com/index.php?page=security-notices",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2021-29998
Vulnerability from cvelistv5
Published
2021-04-13 16:16
Modified
2024-08-03 22:24
Severity ?
Summary
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:24:59.358Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support2.windriver.com/index.php?page=security-notices",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-12T10:06:15",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support2.windriver.com/index.php?page=security-notices",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-29998",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support2.windriver.com/index.php?page=security-notices",
                     refsource: "MISC",
                     url: "https://support2.windriver.com/index.php?page=security-notices",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf",
                  },
                  {
                     name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12",
                     refsource: "MISC",
                     url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-29998",
      datePublished: "2021-04-13T16:16:51",
      dateReserved: "2021-04-02T00:00:00",
      dateUpdated: "2024-08-03T22:24:59.358Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19278
Vulnerability from cvelistv5
Published
2020-01-16 15:35
Modified
2024-08-05 02:09
Severity ?
Summary
A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore the affected device to a point where predefined application and operating system protection mechanisms are not in place. Successful exploitation requires physical access to the system, but no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentialiy, integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:09:39.676Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-04",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR32..-.....-....\n\n MLFB 6SR4...-.....-....\n\n MLFB 6SR5...-.....-....\n\n With option A30 (HMIs 12 inches or larger)",
               vendor: "Siemens AG",
               versions: [
                  {
                     status: "affected",
                     version: "All versions",
                  },
               ],
            },
            {
               product: "SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR325.-.....-.... (High Availability)",
               vendor: "Siemens AG",
               versions: [
                  {
                     status: "affected",
                     version: "All versions",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore the affected device to a point where predefined application and operating system protection mechanisms are not in place. Successful exploitation requires physical access to the system, but no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentialiy, integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-693",
                     description: "CWE-693: Protection Mechanism Failure",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-21T19:57:06",
            orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            shortName: "siemens",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-04",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "productcert@siemens.com",
               ID: "CVE-2019-19278",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR32..-.....-....\n\n MLFB 6SR4...-.....-....\n\n MLFB 6SR5...-.....-....\n\n With option A30 (HMIs 12 inches or larger)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "All versions",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR325.-.....-.... (High Availability)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "All versions",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Siemens AG",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore the affected device to a point where predefined application and operating system protection mechanisms are not in place. Successful exploitation requires physical access to the system, but no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentialiy, integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-693: Protection Mechanism Failure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf",
                  },
                  {
                     name: "https://www.us-cert.gov/ics/advisories/icsa-20-014-04",
                     refsource: "MISC",
                     url: "https://www.us-cert.gov/ics/advisories/icsa-20-014-04",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
      assignerShortName: "siemens",
      cveId: "CVE-2019-19278",
      datePublished: "2020-01-16T15:35:24",
      dateReserved: "2019-11-26T00:00:00",
      dateUpdated: "2024-08-05T02:09:39.676Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}