cnvd - cnvd-2019-17521

CNVD-2019-17521

Vulnerability from cnvd - Published: 2019-06-14

Title

多款Siemens产品输入验证错误漏洞

Description

Siemens SINAMICS PERFECT HARMONY GH180是德国西门子（Siemens）公司的一款高压交流变频器。多款Siemens产品中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可以使用该漏洞来损害受影响系统的可用性。

Severity

中

Patch Name

多款Siemens产品输入验证错误漏洞的补丁

Patch Description

Siemens SINAMICS PERFECT HARMONY GH180是德国西门子（Siemens）公司的一款高压交流变频器。多款Siemens产品中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可以使用该漏洞来损害受影响系统的可用性。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf

Impacted products

Name
['Siemens SINAMICS PERFECT HARMONY GH180 with NXG II control MLFBs 6SR2', 'Siemens SINAMICS PERFECT HARMONY GH180 with NXG II control MLFBs 6SR3', 'Siemens SINAMICS PERFECT HARMONY GH180 with NXG II control MLFBs 6SR4', 'Siemens SINAMICS PERFECT HARMONY GH180 with NXG I control MLFBs 6SR2', 'Siemens SINAMICS PERFECT HARMONY GH180 with NXG I control MLFBs 6SR3', 'Siemens SINAMICS PERFECT HARMONY GH180 with NXG I control MLFBs 6SR4']

Name

['Siemens SINAMICS PERFECT HARMONY GH180 with NXG II control MLFBs 6SR2', 'Siemens SINAMICS PERFECT HARMONY GH180 with NXG II control MLFBs 6SR3', 'Siemens SINAMICS PERFECT HARMONY GH180 with NXG II control MLFBs 6SR4', 'Siemens SINAMICS PERFECT HARMONY GH180 with NXG I control MLFBs 6SR2', 'Siemens SINAMICS PERFECT HARMONY GH180 with NXG I control MLFBs 6SR3', 'Siemens SINAMICS PERFECT HARMONY GH180 with NXG I control MLFBs 6SR4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6578"
    }
  },
  "description": "Siemens SINAMICS PERFECT HARMONY GH180\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u9ad8\u538b\u4ea4\u6d41\u53d8\u9891\u5668\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u8be5\u6f0f\u6d1e\u6765\u635f\u5bb3\u53d7\u5f71\u54cd\u7cfb\u7edf\u7684\u53ef\u7528\u6027\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-17521",
  "openTime": "2019-06-14",
  "patchDescription": "Siemens SINAMICS PERFECT HARMONY GH180\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u9ad8\u538b\u4ea4\u6d41\u53d8\u9891\u5668\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u8be5\u6f0f\u6d1e\u6765\u635f\u5bb3\u53d7\u5f71\u54cd\u7cfb\u7edf\u7684\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SINAMICS PERFECT HARMONY GH180 with NXG II control MLFBs 6SR2",
      "Siemens SINAMICS PERFECT HARMONY GH180 with NXG II control MLFBs 6SR3",
      "Siemens SINAMICS PERFECT HARMONY GH180 with NXG II control MLFBs 6SR4",
      "Siemens SINAMICS PERFECT HARMONY GH180 with NXG I control MLFBs 6SR2",
      "Siemens SINAMICS PERFECT HARMONY GH180 with NXG I control MLFBs 6SR3",
      "Siemens SINAMICS PERFECT HARMONY GH180 with NXG I control MLFBs 6SR4"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2019-05-14",
  "title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2019-6578 (GCVE-0-2019-6578)

Vulnerability from cvelistv5 – Published: 2019-05-14 19:54 – Updated: 2024-08-04 20:23

Summary

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28). A denial of service vulnerability exists in the affected products. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Severity ?

No CVSS data available.

CWE

CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Assigner

siemens

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSA-19-134-05	x_refsource_MISC

Impacted products

Vendor

Product

Version

Siemens AG

SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-

Affected: All Versions with option G28

Siemens AG

SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-

Affected: All Versions with option G28

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:22.049Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-134-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions with option G28"
            }
          ]
        },
        {
          "product": "SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions with option G28"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28). A denial of service vulnerability exists in the affected products. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-15T15:22:40",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-134-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2019-6578",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All Versions with option G28"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All Versions with option G28"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28). A denial of service vulnerability exists in the affected products. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-134-05",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-134-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-6578",
    "datePublished": "2019-05-14T19:54:48",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-08-04T20:23:22.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-17521

CVE-2019-6578 (GCVE-0-2019-6578)

Tags

Sightings

Nomenclature