cvelistv5 - cve-2019-10930

CVE-2019-10930 (GCVE-0-2019-10930)

Vulnerability from cvelistv5 – Published: 2019-07-11 21:17 – Updated: 2024-08-04 22:40

Summary

Severity ?

No CVSS data available.

CWE

CWE-552 - Files or Directories Accessible to External Parties

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/pdf/s…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Siemens AG

All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules

Affected: All versions

Siemens AG	DIGSI 5 engineering software	Affected: All versions < V7.90
Siemens AG	SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules	Affected: All versions < V7.90
Siemens AG	SIPROTEC 5 device types 7SS85 and 7KE85	Affected: All versions < V8.01
Siemens AG	SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules	Affected: All versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.221Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions "
            }
          ]
        },
        {
          "product": "DIGSI 5 engineering software",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.90"
            }
          ]
        },
        {
          "product": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.90"
            }
          ]
        },
        {
          "product": "SIPROTEC 5 device types 7SS85 and 7KE85",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.01"
            }
          ]
        },
        {
          "product": "SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552: Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-10T16:13:01",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2019-10930",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions "
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "DIGSI 5 engineering software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V7.90"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V7.90"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIPROTEC 5 device types 7SS85 and 7KE85",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V8.01"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-552: Files or Directories Accessible to External Parties"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-10930",
    "datePublished": "2019-07-11T21:17:47",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.221Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:digsi_5_engineering_software:7.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4ECD61D0-7721-4E41-AF27-207270428969\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:siprotec_5_digsi_device_driver:7.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"667C7D61-C8C6-4343-81F6-1545183E6A1B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23076116-128D-4366-B5BC-B965001FE356\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3457758B-A04D-4544-B0FA-DF87AA11D8FE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F0672FC-AEC1-445B-B958-AEDB6DCEE1E6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF247CA0-37E1-40DF-96F5-9F00128EA250\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDD3C99B-CDD8-4919-BE72-73814C2642A4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBE6CCA9-A246-4EB2-A57B-FE6823A9E3FD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E11B4A68-F533-4AC0-80A9-7374FDFE2DEA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73F8D692-F268-45A4-9348-C67890A58881\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C5A3FFD-17AD-4820-97D3-2F093BD5F322\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5739872A-E271-48BB-ABB5-17608E81AE7A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECC6417D-2C81-4654-B7FF-6C3E1B709962\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C52A6630-46F3-4113-B5E8-F5BAB7801CB0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"088AC7F2-4FF3-4EF9-A111-D47DB859ECA1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73DD95AC-9B8F-43CD-9483-2BB9C4E86376\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A9F05D9-C1DF-4D73-8634-239ABFE526DB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C6662F7-5E3D-43A8-9984-EF1540BC917B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E122323B-A42B-4DAB-A071-ACF76DC45E28\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAA9E810-2C00-4721-B3A6-E7CD7184BA24\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E959A8E-21D1-4950-974B-A89693C14DC9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA075D19-21BF-4A7C-87B8-6A9D99799826\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AC0D445-9A9B-4799-8B83-8B15821A6CC1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2A73860-76C5-435B-8150-1EABF644ADA0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D58566D-C2F7-4D9A-ACD6-D493E4531491\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D9FD3B7-C7F7-41C1-9290-411F9D912D00\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en todos los dem\\u00e1s tipos de dispositivos SIPROTEC 5 con variantes de CPU CP300 y CP100 y los respectivos m\\u00f3dulos de comunicaci\\u00f3n Ethernet (todas las versiones), software de ingenier\\u00eda DIGSI 5 (todas las versiones anteriores a la versi\\u00f3n V7.90), tipos de dispositivos SIPROTEC 5 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 y  7VE85 y CPU con variantes CP300 y CP100 los respectivos m\\u00f3dulos de comunicaci\\u00f3n Ethernet (todas las versiones anteriores a la versi\\u00f3n V7.90), tipos de dispositivos SIPROTEC 5 7SS85 y 7KE85 (todas las versiones anteriores a la versi\\u00f3n V8.01), tipos de dispositivos SIPROTEC 5 con variantes de CP200 y los respectivos m\\u00f3dulos de comunicaci\\u00f3n Ethernet (todas las versiones). Un atacante remoto podr\\u00eda usar paquetes especialmente dise\\u00f1ados enviados al puerto 443/TCP para cargar, descargar o eliminar archivos en ciertas partes del sistema de archivos\"}]",
      "id": "CVE-2019-10930",
      "lastModified": "2024-11-21T04:20:10.640",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-07-11T22:15:11.560",
      "references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-552\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-10930\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2019-07-11T22:15:11.560\",\"lastModified\":\"2024-11-21T04:20:10.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en todos los dem\u00e1s tipos de dispositivos SIPROTEC 5 con variantes de CPU CP300 y CP100 y los respectivos m\u00f3dulos de comunicaci\u00f3n Ethernet (todas las versiones), software de ingenier\u00eda DIGSI 5 (todas las versiones anteriores a la versi\u00f3n V7.90), tipos de dispositivos SIPROTEC 5 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 y  7VE85 y CPU con variantes CP300 y CP100 los respectivos m\u00f3dulos de comunicaci\u00f3n Ethernet (todas las versiones anteriores a la versi\u00f3n V7.90), tipos de dispositivos SIPROTEC 5 7SS85 y 7KE85 (todas las versiones anteriores a la versi\u00f3n V8.01), tipos de dispositivos SIPROTEC 5 con variantes de CP200 y los respectivos m\u00f3dulos de comunicaci\u00f3n Ethernet (todas las versiones). Un atacante remoto podr\u00eda usar paquetes especialmente dise\u00f1ados enviados al puerto 443/TCP para cargar, descargar o eliminar archivos en ciertas partes del sistema de archivos\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:digsi_5_engineering_software:7.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ECD61D0-7721-4E41-AF27-207270428969\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:siprotec_5_digsi_device_driver:7.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"667C7D61-C8C6-4343-81F6-1545183E6A1B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23076116-128D-4366-B5BC-B965001FE356\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3457758B-A04D-4544-B0FA-DF87AA11D8FE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F0672FC-AEC1-445B-B958-AEDB6DCEE1E6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF247CA0-37E1-40DF-96F5-9F00128EA250\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDD3C99B-CDD8-4919-BE72-73814C2642A4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBE6CCA9-A246-4EB2-A57B-FE6823A9E3FD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E11B4A68-F533-4AC0-80A9-7374FDFE2DEA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73F8D692-F268-45A4-9348-C67890A58881\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C5A3FFD-17AD-4820-97D3-2F093BD5F322\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5739872A-E271-48BB-ABB5-17608E81AE7A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC6417D-2C81-4654-B7FF-6C3E1B709962\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C52A6630-46F3-4113-B5E8-F5BAB7801CB0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"088AC7F2-4FF3-4EF9-A111-D47DB859ECA1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73DD95AC-9B8F-43CD-9483-2BB9C4E86376\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A9F05D9-C1DF-4D73-8634-239ABFE526DB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C6662F7-5E3D-43A8-9984-EF1540BC917B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E122323B-A42B-4DAB-A071-ACF76DC45E28\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAA9E810-2C00-4721-B3A6-E7CD7184BA24\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E959A8E-21D1-4950-974B-A89693C14DC9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA075D19-21BF-4A7C-87B8-6A9D99799826\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AC0D445-9A9B-4799-8B83-8B15821A6CC1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2A73860-76C5-435B-8150-1EABF644ADA0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D58566D-C2F7-4D9A-ACD6-D493E4531491\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D9FD3B7-C7F7-41C1-9290-411F9D912D00\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-47FM-3FQ2-MF5Q

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2022-05-24 16:50

Details

A vulnerability has been identified in SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions), DIGSI 5 engineering software (All versions < V7.90). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-10930"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-11T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions), DIGSI 5 engineering software (All versions \u003c V7.90). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.",
  "id": "GHSA-47fm-3fq2-mf5q",
  "modified": "2022-05-24T16:50:11Z",
  "published": "2022-05-24T16:50:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10930"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2019-AVI-311

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIPROTEC 5 types 6MD85, 6MD86,6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87,7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86,7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,7UT85, 7UT86, 7UT87 et 7VE85 versions antérieures à V7.90
Siemens	N/A	Spectrum Power 3, 4, 5 et 7
Siemens	N/A	SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Upd 11
Siemens	N/A	RAPIDPoint 500
Siemens	N/A	SIMATIC IPC627E avec un BIOS d'une version antérieure à V25.02.04
Siemens	N/A	SIMATIC PCS 7 V8.2 avec WinCC versions antérieures à V7.4 SP1 Upd 11
Siemens	N/A	SENSIS Dell High-End Server (VC12), Mat. Nr.10910620: versions antérieures à VC12M sans le correctif AX037/19/P
Siemens	N/A	Sensis SIS Server Machine, Mat. Nr. 06648153: versions antérieures à VC11D, VC12M, VD11B sans le correctif AX037/19/P
Siemens	N/A	SIMATIC RF68XR versions antérieures à V3.2.1
Siemens	N/A	SIMATIC IPC427E avec un BIOS d'une version antérieure à V21.01.11
Siemens	N/A	SIMATIC IPC647E avec un BIOS d'une version antérieure à V25.02.04
Siemens	N/A	TIA Administrator versions antérieures à V1.0 SP1 Upd1
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 Upd 3
Siemens	N/A	SIMATIC IPC847E avec un BIOS d'une version antérieure à V25.02.04
Siemens	N/A	SIMATIC IPC677E avec un BIOS d'une version antérieure à V25.02.04
Siemens	N/A	SIMATIC RF615R versions antérieures à V3.2.1
Siemens	N/A	SIMATIC IPC477E Pro avec un BIOS d'une version antérieure à V21.01.11
Siemens	N/A	Sensis High End SIS Server, Mat. Nr. 10140973: versions antérieures à VC11D, VC12M sans le correctif AX037/19/P
Siemens	N/A	SIMATIC IPC477E avec un BIOS d'une version antérieure à V21.01.11
Siemens	N/A	DIGSI 5 versions antérieures à V7.90
Siemens	N/A	SIMATIC PCS 7 V9.0 avec WinCC versions antérieures à V7.4 SP1 Upd 11
Siemens	N/A	VM SIS Virtual Server, Mat. Nr. 10765502: versions antérieures à VC12M sans le correctif AX037/19/P

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-166360 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-616199 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-121293 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-721298 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-616472 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-747162 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-899560 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-556833 du 09 juillet 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIPROTEC 5 types 6MD85, 6MD86,6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87,7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86,7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,7UT85, 7UT86, 7UT87 et 7VE85 versions ant\u00e9rieures \u00e0 V7.90",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Spectrum Power 3, 4, 5 et 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RAPIDPoint 500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC627E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V8.2 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENSIS Dell High-End Server (VC12), Mat. Nr.10910620: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sensis SIS Server Machine, Mat. Nr. 06648153: versions ant\u00e9rieures \u00e0 VC11D, VC12M, VD11B sans le correctif AX037/19/P",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF68XR versions ant\u00e9rieures \u00e0 V3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC647E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Administrator versions ant\u00e9rieures \u00e0 V1.0 SP1 Upd1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 Upd 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC847E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC677E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF615R versions ant\u00e9rieures \u00e0 V3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477E Pro avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sensis High End SIS Server, Mat. Nr. 10140973: versions ant\u00e9rieures \u00e0 VC11D, VC12M sans le correctif AX037/19/P",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "DIGSI 5 versions ant\u00e9rieures \u00e0 V7.90",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.0 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "VM SIS Virtual Server, Mat. Nr. 10765502: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2016-6329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6329"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2013-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
    },
    {
      "name": "CVE-2019-10930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10930"
    },
    {
      "name": "CVE-2019-10915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10915"
    },
    {
      "name": "CVE-2019-10931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10931"
    },
    {
      "name": "CVE-2019-10935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10935"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-10933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10933"
    },
    {
      "name": "CVE-2019-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0708"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-311",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-166360 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-616199 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-121293 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-721298 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-616472 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-747162 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-899560 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-556833 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
    }
  ]
}

CERTFR-2019-AVI-311

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIPROTEC 5 types 6MD85, 6MD86,6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87,7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86,7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,7UT85, 7UT86, 7UT87 et 7VE85 versions antérieures à V7.90
Siemens	N/A	Spectrum Power 3, 4, 5 et 7
Siemens	N/A	SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Upd 11
Siemens	N/A	RAPIDPoint 500
Siemens	N/A	SIMATIC IPC627E avec un BIOS d'une version antérieure à V25.02.04
Siemens	N/A	SIMATIC PCS 7 V8.2 avec WinCC versions antérieures à V7.4 SP1 Upd 11
Siemens	N/A	SENSIS Dell High-End Server (VC12), Mat. Nr.10910620: versions antérieures à VC12M sans le correctif AX037/19/P
Siemens	N/A	Sensis SIS Server Machine, Mat. Nr. 06648153: versions antérieures à VC11D, VC12M, VD11B sans le correctif AX037/19/P
Siemens	N/A	SIMATIC RF68XR versions antérieures à V3.2.1
Siemens	N/A	SIMATIC IPC427E avec un BIOS d'une version antérieure à V21.01.11
Siemens	N/A	SIMATIC IPC647E avec un BIOS d'une version antérieure à V25.02.04
Siemens	N/A	TIA Administrator versions antérieures à V1.0 SP1 Upd1
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 Upd 3
Siemens	N/A	SIMATIC IPC847E avec un BIOS d'une version antérieure à V25.02.04
Siemens	N/A	SIMATIC IPC677E avec un BIOS d'une version antérieure à V25.02.04
Siemens	N/A	SIMATIC RF615R versions antérieures à V3.2.1
Siemens	N/A	SIMATIC IPC477E Pro avec un BIOS d'une version antérieure à V21.01.11
Siemens	N/A	Sensis High End SIS Server, Mat. Nr. 10140973: versions antérieures à VC11D, VC12M sans le correctif AX037/19/P
Siemens	N/A	SIMATIC IPC477E avec un BIOS d'une version antérieure à V21.01.11
Siemens	N/A	DIGSI 5 versions antérieures à V7.90
Siemens	N/A	SIMATIC PCS 7 V9.0 avec WinCC versions antérieures à V7.4 SP1 Upd 11
Siemens	N/A	VM SIS Virtual Server, Mat. Nr. 10765502: versions antérieures à VC12M sans le correctif AX037/19/P

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-166360 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-616199 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-121293 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-721298 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-616472 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-747162 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-899560 du 09 juillet 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-556833 du 09 juillet 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIPROTEC 5 types 6MD85, 6MD86,6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87,7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86,7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,7UT85, 7UT86, 7UT87 et 7VE85 versions ant\u00e9rieures \u00e0 V7.90",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Spectrum Power 3, 4, 5 et 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RAPIDPoint 500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC627E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V8.2 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENSIS Dell High-End Server (VC12), Mat. Nr.10910620: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sensis SIS Server Machine, Mat. Nr. 06648153: versions ant\u00e9rieures \u00e0 VC11D, VC12M, VD11B sans le correctif AX037/19/P",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF68XR versions ant\u00e9rieures \u00e0 V3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC647E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Administrator versions ant\u00e9rieures \u00e0 V1.0 SP1 Upd1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 Upd 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC847E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC677E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF615R versions ant\u00e9rieures \u00e0 V3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477E Pro avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sensis High End SIS Server, Mat. Nr. 10140973: versions ant\u00e9rieures \u00e0 VC11D, VC12M sans le correctif AX037/19/P",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "DIGSI 5 versions ant\u00e9rieures \u00e0 V7.90",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.0 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "VM SIS Virtual Server, Mat. Nr. 10765502: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2016-6329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6329"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2013-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
    },
    {
      "name": "CVE-2019-10930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10930"
    },
    {
      "name": "CVE-2019-10915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10915"
    },
    {
      "name": "CVE-2019-10931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10931"
    },
    {
      "name": "CVE-2019-10935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10935"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-10933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10933"
    },
    {
      "name": "CVE-2019-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0708"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-311",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-166360 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-616199 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-121293 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-721298 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-616472 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-747162 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-899560 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-556833 du 09 juillet 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
    }
  ]
}

VAR-201907-1453

Vulnerability from variot - Updated: 2023-12-18 12:50

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system. SIPROTEC 5 Device and DIGSI 5 engineering software Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Siemens SIPROTEC 5 and Siemens DIGISI 5 are products of Siemens AG, Germany. The SiemensSIPROTEC5 is a multi-function relay. The SiemensDIGISI5 is a user interface for Siemens SIPROTEC devices. There are unexplained vulnerabilities in several Siemens products

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1453",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "siprotec 5 digsi device driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.90"
      },
      {
        "model": "digsi 5 engineering software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.90"
      },
      {
        "model": "digsi 5 engineering software",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siprotec 5 digsi device driver",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "digsi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "5\u003cv7.90"
      },
      {
        "model": "siprotec",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "digsi 5 engineering",
        "version": "7.90"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "siprotec 5 digsi device driver",
        "version": "7.90"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-22237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006588"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10930"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:digsi_5_engineering_software:7.90:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:siprotec_5_digsi_device_driver:7.90:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10930"
      }
    ]
  },
  "cve": "CVE-2019-10930",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-10930",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-22237",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-10930",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-10930",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-22237",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-516",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-22237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006588"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-516"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system. SIPROTEC 5 Device and DIGSI 5 engineering software Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Siemens SIPROTEC 5 and Siemens DIGISI 5 are products of Siemens AG, Germany. The SiemensSIPROTEC5 is a multi-function relay. The SiemensDIGISI5 is a user interface for Siemens SIPROTEC devices. There are unexplained vulnerabilities in several Siemens products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10930"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006588"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-22237"
      },
      {
        "db": "IVD",
        "id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-10930",
        "trust": 3.2
      },
      {
        "db": "SIEMENS",
        "id": "SSA-899560",
        "trust": 2.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-190-05",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-22237",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-516",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006588",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2525",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "EA3A54D8-AC1E-48AE-B00D-1A02DFDE6E0E",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-22237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006588"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-516"
      }
    ]
  },
  "id": "VAR-201907-1453",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-22237"
      }
    ],
    "trust": 1.4764706
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-22237"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:50:10.746000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-899560",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
      },
      {
        "title": "Patches for unidentified vulnerabilities in various Siemens products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/168529"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94650"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-22237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-516"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-434",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006588"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10930"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-190-05"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10930"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10930"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2525/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-22237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006588"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-516"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-22237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006588"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-516"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-12T00:00:00",
        "db": "IVD",
        "id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
      },
      {
        "date": "2019-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-22237"
      },
      {
        "date": "2019-07-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006588"
      },
      {
        "date": "2019-07-11T22:15:11.560000",
        "db": "NVD",
        "id": "CVE-2019-10930"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-516"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-22237"
      },
      {
        "date": "2019-08-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006588"
      },
      {
        "date": "2020-06-10T17:15:10.690000",
        "db": "NVD",
        "id": "CVE-2019-10930"
      },
      {
        "date": "2020-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-516"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-516"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SIPROTEC 5 Device and  DIGSI 5 engineering software Vulnerable to unlimited upload of dangerous types of files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006588"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code problem",
    "sources": [
      {
        "db": "IVD",
        "id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-516"
      }
    ],
    "trust": 0.8
  }
}

CNVD-2019-22237

Vulnerability from cnvd - Published: 2019-07-12

Title

多款Siemens产品存在未明漏洞

Description

Siemens SIPROTEC 5和Siemens DIGISI 5都是德国西门子（Siemens）公司的产品。Siemens SIPROTEC 5是一款多功能继电器。Siemens DIGISI 5是一套用于Siemens SIPROTEC设备的用户界面。多款Siemens产品存在未明漏洞。远程攻击者可以使用发送到端口443/TCP的特制数据包上传、下载或删除文件系统某些部分中的文件。

Severity

高

Patch Name

多款Siemens产品存在未明漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf

Impacted products

Name
['Siemens DIGSI 5 < V7.90', 'Siemens SIPROTEC 5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10930"
    }
  },
  "description": "Siemens SIPROTEC 5\u548cSiemens DIGISI 5\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Siemens SIPROTEC 5\u662f\u4e00\u6b3e\u591a\u529f\u80fd\u7ee7\u7535\u5668\u3002Siemens DIGISI 5\u662f\u4e00\u5957\u7528\u4e8eSiemens SIPROTEC\u8bbe\u5907\u7684\u7528\u6237\u754c\u9762\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u53d1\u9001\u5230\u7aef\u53e3443/TCP\u7684\u7279\u5236\u6570\u636e\u5305\u4e0a\u4f20\u3001\u4e0b\u8f7d\u6216\u5220\u9664\u6587\u4ef6\u7cfb\u7edf\u67d0\u4e9b\u90e8\u5206\u4e2d\u7684\u6587\u4ef6\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-22237",
  "openTime": "2019-07-12",
  "patchDescription": "Siemens SIPROTEC 5\u548cSiemens DIGISI 5\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Siemens SIPROTEC 5\u662f\u4e00\u6b3e\u591a\u529f\u80fd\u7ee7\u7535\u5668\u3002Siemens DIGISI 5\u662f\u4e00\u5957\u7528\u4e8eSiemens SIPROTEC\u8bbe\u5907\u7684\u7528\u6237\u754c\u9762\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u53d1\u9001\u5230\u7aef\u53e3443/TCP\u7684\u7279\u5236\u6570\u636e\u5305\u4e0a\u4f20\u3001\u4e0b\u8f7d\u6216\u5220\u9664\u6587\u4ef6\u7cfb\u7edf\u67d0\u4e9b\u90e8\u5206\u4e2d\u7684\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens DIGSI 5 \u003c V7.90",
      "Siemens SIPROTEC 5"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2019-07-10",
  "title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

FKIE_CVE-2019-10930

Vulnerability from fkie_nvd - Published: 2019-07-11 22:15 - Updated: 2024-11-21 04:20

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	digsi_5_engineering_software	7.90
siemens	siprotec_5_digsi_device_driver	7.90
siemens	6md85	-
siemens	6md86	-
siemens	6md89	-
siemens	7sa82	-
siemens	7sa86	-
siemens	7sa87	-
siemens	7sd82	-
siemens	7sd86	-
siemens	7sd87	-
siemens	7sj82	-
siemens	7sj85	-
siemens	7sj86	-
siemens	7sk82	-
siemens	7sk85	-
siemens	7sl82	-
siemens	7sl86	-
siemens	7sl87	-
siemens	7um85	-
siemens	7ut82	-
siemens	7ut85	-
siemens	7ut86	-
siemens	7ut87	-
siemens	7ve85	-
siemens	7vk87	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:digsi_5_engineering_software:7.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ECD61D0-7721-4E41-AF27-207270428969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siprotec_5_digsi_device_driver:7.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "667C7D61-C8C6-4343-81F6-1545183E6A1B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23076116-128D-4366-B5BC-B965001FE356",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3457758B-A04D-4544-B0FA-DF87AA11D8FE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F0672FC-AEC1-445B-B958-AEDB6DCEE1E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF247CA0-37E1-40DF-96F5-9F00128EA250",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD3C99B-CDD8-4919-BE72-73814C2642A4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBE6CCA9-A246-4EB2-A57B-FE6823A9E3FD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11B4A68-F533-4AC0-80A9-7374FDFE2DEA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F8D692-F268-45A4-9348-C67890A58881",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5A3FFD-17AD-4820-97D3-2F093BD5F322",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5739872A-E271-48BB-ABB5-17608E81AE7A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC6417D-2C81-4654-B7FF-6C3E1B709962",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52A6630-46F3-4113-B5E8-F5BAB7801CB0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "088AC7F2-4FF3-4EF9-A111-D47DB859ECA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73DD95AC-9B8F-43CD-9483-2BB9C4E86376",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9F05D9-C1DF-4D73-8634-239ABFE526DB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6662F7-5E3D-43A8-9984-EF1540BC917B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E122323B-A42B-4DAB-A071-ACF76DC45E28",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAA9E810-2C00-4721-B3A6-E7CD7184BA24",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E959A8E-21D1-4950-974B-A89693C14DC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA075D19-21BF-4A7C-87B8-6A9D99799826",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC0D445-9A9B-4799-8B83-8B15821A6CC1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A73860-76C5-435B-8150-1EABF644ADA0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58566D-C2F7-4D9A-ACD6-D493E4531491",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D9FD3B7-C7F7-41C1-9290-411F9D912D00",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en todos los dem\u00e1s tipos de dispositivos SIPROTEC 5 con variantes de CPU CP300 y CP100 y los respectivos m\u00f3dulos de comunicaci\u00f3n Ethernet (todas las versiones), software de ingenier\u00eda DIGSI 5 (todas las versiones anteriores a la versi\u00f3n V7.90), tipos de dispositivos SIPROTEC 5 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 y  7VE85 y CPU con variantes CP300 y CP100 los respectivos m\u00f3dulos de comunicaci\u00f3n Ethernet (todas las versiones anteriores a la versi\u00f3n V7.90), tipos de dispositivos SIPROTEC 5 7SS85 y 7KE85 (todas las versiones anteriores a la versi\u00f3n V8.01), tipos de dispositivos SIPROTEC 5 con variantes de CP200 y los respectivos m\u00f3dulos de comunicaci\u00f3n Ethernet (todas las versiones). Un atacante remoto podr\u00eda usar paquetes especialmente dise\u00f1ados enviados al puerto 443/TCP para cargar, descargar o eliminar archivos en ciertas partes del sistema de archivos"
    }
  ],
  "id": "CVE-2019-10930",
  "lastModified": "2024-11-21T04:20:10.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-11T22:15:11.560",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-19-190-05

Vulnerability from csaf_cisa - Published: 2019-07-09 00:00 - Updated: 2020-05-12 00:00

Summary

Siemens SIPROTEC 5 and DIGSI 5 (Update C)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow a denial-of-service condition and limited control of file upload, download, and delete functions.

Critical infrastructure sectors

Energy

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Pierre Capillon",
          "Nicolas Looss",
          "Jean-Baptiste Galet"
        ],
        "organization": "Agence Nationale de la S\u00e9curit\u00e9 des Syst\u00e8mes d \u0027Information (ANSSI)",
        "summary": "reporting these vulnerabilities to Siemens"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow a denial-of-service condition and limited control of file upload, download, and delete functions.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Energy",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and \nsolutions, please contact the Siemens ProductCERT:\n\nhttps://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and  solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-190-05 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-190-05.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-190-05 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-190-05"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-190-05"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "SSA-496604: SSA-899560: Vulnerabilities in SIPROTEC 5 relays and DIGSI 5 - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/SSA-899560.txt"
      }
    ],
    "title": "Siemens SIPROTEC 5 and DIGSI 5 (Update C)",
    "tracking": {
      "current_release_date": "2020-05-12T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-190-05",
      "initial_release_date": "2019-07-09T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-07-09T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5"
        },
        {
          "date": "2019-08-13T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 (Update A)"
        },
        {
          "date": "2019-12-10T00:00:00.000000Z",
          "legacy_version": "B",
          "number": "3",
          "summary": "ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 (Update B)"
        },
        {
          "date": "2020-05-12T00:00:00.000000Z",
          "legacy_version": "C",
          "number": "4",
          "summary": "ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 (Update C)"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V7.90",
                "product": {
                  "name": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87,: All versions \u003c V7.90",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87,"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V8.01",
                "product": {
                  "name": "SIPROTEC 5 device types 7SS85 and 7KE85: All versions \u003c V8.01",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 device types 7SS85 and 7KE85"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions",
                "product": {
                  "name": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and: All versions",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V7.59",
                "product": {
                  "name": "SIPROTEC 5 device types with CPU variants CP200 and the respective: All versions \u003c V7.59",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 device types with CPU variants CP200 and the respective"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions",
                "product": {
                  "name": "SIPROTEC 5 device types with CPU variants CP200 and the respective: All versions",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 device types with CPU variants CP200 and the respective"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V7.90",
                "product": {
                  "name": "DIGSI 5 engineering software: All versions \u003c V7.90",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "DIGSI 5 engineering software"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10930",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://support.industry.siemens.com/cs/us/en/view/109767686",
          "url": "https://support.industry.siemens.com/cs/us/en/view/109767686"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10930"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Block access to port 443/TCP e.g. with an external firewall.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Activate role based access control (RBAC) in the device (supported in\nSIPROTEC 5 firmware versions V7.80 and higher)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Activate the DIGSI 5 connection password in the device (supported in all\nSIPROTEC 5 firmware versions)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V7.90 or later version.  Search for \"SIPROTEC 5 - DIGSI Device Drivers\" on the Siemens Industry Online Support site.  The latest firmware version for the communication modules can also be found on each device specific download page.  Applying the update causes the device / module to go through a single restart cycle. - Download: https://support.industry.siemens.com/cs/ww/en/ ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V8.01 or later version.  Search for \"SIPROTEC 5 - DIGSI Device Drivers\" on the Siemens Industry Online Support site.  Applying the update causes the device / module to go through a single restart cycle. - Download: https://support.industry.siemens.com/cs/ww/en/ ",
          "product_ids": [
            "CSAFPID-0002"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/"
        },
        {
          "category": "vendor_fix",
          "details": "See recommendations from section Workarounds and Mitigations ",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "See recommendations from section Workarounds and Mitigations ",
          "product_ids": [
            "CSAFPID-0005"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V7.90 or later version and activate the client authorization feature - Download: https://support.industry.siemens.com/cs/us/en/view/109767686 ",
          "product_ids": [
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/us/en/view/109767686"
        },
        {
          "category": "mitigation",
          "details": "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid\u0027s reliability can thus be minimized by virtue of the grid design. Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. As a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment. Recommended security guidelines to Digital Grid Products can be found at: https://www.siemens.com/gridsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-10931",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://support.industry.siemens.com/cs/us/en/view/109767686",
          "url": "https://support.industry.siemens.com/cs/us/en/view/109767686"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10931"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Block access to port 443/TCP e.g. with an external firewall.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Activate role based access control (RBAC) in the device (supported in\nSIPROTEC 5 firmware versions V7.80 and higher)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Activate the DIGSI 5 connection password in the device (supported in all\nSIPROTEC 5 firmware versions)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V7.90 or later version.  Search for \"SIPROTEC 5 - DIGSI Device Drivers\" on the Siemens Industry Online Support site.  The latest firmware version for the communication modules can also be found on each device specific download page.  Applying the update causes the device / module to go through a single restart cycle. - Download: https://support.industry.siemens.com/cs/ww/en/ ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V8.01 or later version.  Search for \"SIPROTEC 5 - DIGSI Device Drivers\" on the Siemens Industry Online Support site.  Applying the update causes the device / module to go through a single restart cycle. - Download: https://support.industry.siemens.com/cs/ww/en/ ",
          "product_ids": [
            "CSAFPID-0002"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/"
        },
        {
          "category": "vendor_fix",
          "details": "See recommendations from section Workarounds and Mitigations ",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V7.59 or later version.  Search for \"SIPROTEC 5 - DIGSI Device Drivers\" on the Siemens Industry Online Support site.  The latest firmware version for the communication modules can also be found on each device specific download page.  Applying the update causes the device / module to go through a single restart cycle. - Download: https://support.industry.siemens.com/cs/ww/en/ ",
          "product_ids": [
            "CSAFPID-0004"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V7.90 or later version and activate the client authorization feature - Download: https://support.industry.siemens.com/cs/us/en/view/109767686 ",
          "product_ids": [
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/us/en/view/109767686"
        },
        {
          "category": "mitigation",
          "details": "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid\u0027s reliability can thus be minimized by virtue of the grid design. Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. As a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment. Recommended security guidelines to Digital Grid Products can be found at: https://www.siemens.com/gridsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ]
    }
  ]
}

GSD-2019-10930

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-10930

Aliases

CVE-2019-10930

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-10930",
    "description": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.",
    "id": "GSD-2019-10930"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-10930"
      ],
      "details": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.",
      "id": "GSD-2019-10930",
      "modified": "2023-12-13T01:23:57.959916Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2019-10930",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions "
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "DIGSI 5 engineering software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V7.90"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V7.90"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPROTEC 5 device types 7SS85 and 7KE85",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V8.01"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens AG"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-552: Files or Directories Accessible to External Parties"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:digsi_5_engineering_software:7.90:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:siprotec_5_digsi_device_driver:7.90:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2019-10930"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-434"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-06-10T17:15Z",
      "publishedDate": "2019-07-11T22:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-10930 (GCVE-0-2019-10930)

Solution

Solution

Tags

Sightings

Nomenclature