Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-19277 (GCVE-0-2019-19277)
Vulnerability from cvelistv5 – Published: 2020-03-10 19:16 – Updated: 2024-08-05 02:09
VLAI?
EPSS
Summary
A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.
Severity ?
No CVSS data available.
CWE
- CWE-778 - Insufficient Logging
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens AG | SIPORT MP |
Affected:
All versions < 3.1.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIPORT MP",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 3.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPORT MP (All versions \u003c 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\"service users\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-778",
"description": "CWE-778: Insufficient Logging",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T17:26:16",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-19277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPORT MP",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 3.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPORT MP (All versions \u003c 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\"service users\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-778: Insufficient Logging"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-19277",
"datePublished": "2020-03-10T19:16:17",
"dateReserved": "2019-11-26T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:siport_mp:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.1.4\", \"matchCriteriaId\": \"CA1E874D-BAFE-4956-860B-271187FBB2D1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIPORT MP (All versions \u003c 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\\\"service users\\\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en SIPORT MP (Todas las versiones anteriores a la versi\\u00f3n 3.1.4). Las versiones vulnerables del dispositivo permiten la creaci\\u00f3n de cuentas especiales (\\\"service users\\\") con privilegios administrativos que podr\\u00edan permitir a un atacante autenticado remoto llevar a cabo acciones que no son visibles para otros usuarios del sistema, tales como otorgar a las personas acceso a un \\u00e1rea segura.\"}]",
"id": "CVE-2019-19277",
"lastModified": "2024-11-21T04:34:28.983",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:N\", \"baseScore\": 5.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-03-10T20:15:18.727",
"references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-20-042-08\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-20-042-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-778\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19277\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2020-03-10T20:15:18.727\",\"lastModified\":\"2024-11-21T04:34:28.983\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIPORT MP (All versions \u003c 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\\\"service users\\\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SIPORT MP (Todas las versiones anteriores a la versi\u00f3n 3.1.4). Las versiones vulnerables del dispositivo permiten la creaci\u00f3n de cuentas especiales (\\\"service users\\\") con privilegios administrativos que podr\u00edan permitir a un atacante autenticado remoto llevar a cabo acciones que no son visibles para otros usuarios del sistema, tales como otorgar a las personas acceso a un \u00e1rea segura.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:N\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-778\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:siport_mp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1.4\",\"matchCriteriaId\":\"CA1E874D-BAFE-4956-860B-271187FBB2D1\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsa-20-042-08\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsa-20-042-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
GHSA-C6FW-9PJP-59CM
Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2022-05-24 17:10
VLAI?
Details
A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.
{
"affected": [],
"aliases": [
"CVE-2019-19277"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-10T20:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SIPORT MP (All versions \u003c 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\"service users\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.",
"id": "GHSA-c6fw-9pjp-59cm",
"modified": "2022-05-24T17:10:36Z",
"published": "2022-05-24T17:10:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19277"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTFR-2020-AVI-090
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC CP 1626 | ||
| Siemens | N/A | SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0 | ||
| Siemens | N/A | SIMATIC RF180C | ||
| Siemens | N/A | SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associées et variantes SIPLUS) | ||
| Siemens | N/A | SCALANCE S602, S612, S623, S627-2M, S627-2M | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V14.0.1 | ||
| Siemens | N/A | SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules | ||
| Siemens | N/A | SIMOTION P320-4E | ||
| Siemens | N/A | SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.2 | ||
| Siemens | N/A | TIM 1531 IRC (incl. variante SIPLUS NET) versions antérieures à V2.0 | ||
| Siemens | N/A | SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E | ||
| Siemens | N/A | OZW672 versions antérieures à V10.00 | ||
| Siemens | N/A | SIMATIC BATCH V9.0 | ||
| Siemens | N/A | SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions antérieures à V4.1.3 | ||
| Siemens | N/A | SIMATIC CP 1628 versions antérieures à V14.00.15.00_51.25.00.01 | ||
| Siemens | N/A | SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC PCS 7 V8.2 | ||
| Siemens | N/A | SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions antérieures V2.2 | ||
| Siemens | N/A | SIMATIC CP 1616 et CP 1604 versions antérieures à V2.8.1 | ||
| Siemens | N/A | OpenPCS 7 V8.1 | ||
| Siemens | N/A | SIMATIC WinCC V7.3 | ||
| Siemens | N/A | SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0 | ||
| Siemens | N/A | SIMATIC Field PG M4, Field PG M5, Field PG M6 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller | ||
| Siemens | N/A | OpenPCS 7 V9.0 | ||
| Siemens | N/A | SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions antérieures à V4.1 | ||
| Siemens | N/A | SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (excepté 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC Route Control V9.0 | ||
| Siemens | N/A | SCALANCE XR-500 switch versions antérieures à V6.2.3 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.6 | ||
| Siemens | N/A | SINAMICS DCP versions antérieures à V1.3 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 | ||
| Siemens | N/A | SIMATIC Route Control V8.2 | ||
| Siemens | N/A | SCALANCE X-200 switch (incl. variante SIPLUS NET) versions antérieures à V5.2.4 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V15.1 | ||
| Siemens | N/A | SIMATIC RF600 versions antérieures à V3.2.1 | ||
| Siemens | N/A | SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions antérieures à V5.4.2 | ||
| Siemens | N/A | SIMATIC ITP1000 | ||
| Siemens | N/A | SIMATIC IPC Support, Package for VxWorks | ||
| Siemens | N/A | OZW772 versions antérieures à V10.00 | ||
| Siemens | N/A | SCALANCE W700 IEEE 802.11n versions antérieures à V6.4 | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V13 versions antérieures à V13 SP2 | ||
| Siemens | N/A | SIMATIC PCS 7 V8.1 | ||
| Siemens | N/A | IE/PB LINK PN IO (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC PCS 7 V9.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU (incl. les CPUS ET200 associées et variantes SIPLUS) versions antérieures à 2.8 | ||
| Siemens | N/A | RUGGEDCOM RM1224 versions antérieures à V6.1.2 | ||
| Siemens | N/A | SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.0 | ||
| Siemens | N/A | SIMATIC RF182C | ||
| Siemens | N/A | SIMATIC IPC427D, IPC427E (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMOTION P320-4S | ||
| Siemens | N/A | PROFINET Driver for Controller versions antérieures à V2.1 Patch 03 | ||
| Siemens | N/A | SCALANCE XM-400 switch versions antérieures à V6.2.3 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC BATCH V8.1 | ||
| Siemens | N/A | SIMATIC CP 1623 versions antérieures à V14.00.15.00_51.25.00.01 | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à 7.5.1 Upd1 | ||
| Siemens | N/A | SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA | ||
| Siemens | N/A | SIPORT MP versions antérieures à V3.1.4 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V16 | ||
| Siemens | N/A | SIMATIC Route Control V8.1 | ||
| Siemens | N/A | SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU V6 et antérieures (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC BATCH V8.2 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5 Patch 01 | ||
| Siemens | N/A | SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF | ||
| Siemens | N/A | SCALANCE M-800 / S615 versions antérieures à V6.1.2 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC MV400 | ||
| Siemens | N/A | OpenPCS 7 V8.2 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller versions antérieures à 20.8 | ||
| Siemens | N/A | SIMATIC NET PC Software |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC CP 1626",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF180C",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S602, S612, S623, S627-2M, S627-2M",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V14.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4E",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OZW672 versions ant\u00e9rieures \u00e0 V10.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V4.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1628 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions ant\u00e9rieures V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1616 et CP 1604 versions ant\u00e9rieures \u00e0 V2.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Field PG M4, Field PG M5, Field PG M6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions ant\u00e9rieures \u00e0 V4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (except\u00e9 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR-500 switch versions ant\u00e9rieures \u00e0 V6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS DCP versions ant\u00e9rieures \u00e0 V1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V15.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF600 versions ant\u00e9rieures \u00e0 V3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITP1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC Support, Package for VxWorks",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OZW772 versions ant\u00e9rieures \u00e0 V10.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W700 IEEE 802.11n versions ant\u00e9rieures \u00e0 V6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "IE/PB LINK PN IO (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS) versions ant\u00e9rieures \u00e0 2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 V6.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF182C",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4S",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PROFINET Driver for Controller versions ant\u00e9rieures \u00e0 V2.1 Patch 03",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM-400 switch versions ant\u00e9rieures \u00e0 V6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1623 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 7.5.1 Upd1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPORT MP versions ant\u00e9rieures \u00e0 V3.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU V6 et ant\u00e9rieures (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5 Patch 01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M-800 / S615 versions ant\u00e9rieures \u00e0 V6.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV400",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 20.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19282"
},
{
"name": "CVE-2019-19277",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19277"
},
{
"name": "CVE-2019-13926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13926"
},
{
"name": "CVE-2019-0152",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-19281",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19281"
},
{
"name": "CVE-2019-13941",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13941"
},
{
"name": "CVE-2015-5621",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
},
{
"name": "CVE-2019-18217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18217"
},
{
"name": "CVE-2019-12815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12815"
},
{
"name": "CVE-2019-13940",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13940"
},
{
"name": "CVE-2019-19279",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19279"
},
{
"name": "CVE-2019-13925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13925"
},
{
"name": "CVE-2019-0151",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
},
{
"name": "CVE-2019-13946",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13946"
},
{
"name": "CVE-2019-6585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6585"
},
{
"name": "CVE-2020-19282",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19282"
},
{
"name": "CVE-2019-13924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
},
{
"name": "CVE-2018-18065",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-090",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-398519 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-940889 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-974843 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-270778 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-780073 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-986695 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-750824 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-951513 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-431678 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-591405 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978558 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978220 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
}
]
}
CERTFR-2020-AVI-090
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC CP 1626 | ||
| Siemens | N/A | SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0 | ||
| Siemens | N/A | SIMATIC RF180C | ||
| Siemens | N/A | SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associées et variantes SIPLUS) | ||
| Siemens | N/A | SCALANCE S602, S612, S623, S627-2M, S627-2M | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V14.0.1 | ||
| Siemens | N/A | SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules | ||
| Siemens | N/A | SIMOTION P320-4E | ||
| Siemens | N/A | SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.2 | ||
| Siemens | N/A | TIM 1531 IRC (incl. variante SIPLUS NET) versions antérieures à V2.0 | ||
| Siemens | N/A | SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E | ||
| Siemens | N/A | OZW672 versions antérieures à V10.00 | ||
| Siemens | N/A | SIMATIC BATCH V9.0 | ||
| Siemens | N/A | SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions antérieures à V4.1.3 | ||
| Siemens | N/A | SIMATIC CP 1628 versions antérieures à V14.00.15.00_51.25.00.01 | ||
| Siemens | N/A | SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC PCS 7 V8.2 | ||
| Siemens | N/A | SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions antérieures V2.2 | ||
| Siemens | N/A | SIMATIC CP 1616 et CP 1604 versions antérieures à V2.8.1 | ||
| Siemens | N/A | OpenPCS 7 V8.1 | ||
| Siemens | N/A | SIMATIC WinCC V7.3 | ||
| Siemens | N/A | SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0 | ||
| Siemens | N/A | SIMATIC Field PG M4, Field PG M5, Field PG M6 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller | ||
| Siemens | N/A | OpenPCS 7 V9.0 | ||
| Siemens | N/A | SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions antérieures à V4.1 | ||
| Siemens | N/A | SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (excepté 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC Route Control V9.0 | ||
| Siemens | N/A | SCALANCE XR-500 switch versions antérieures à V6.2.3 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.6 | ||
| Siemens | N/A | SINAMICS DCP versions antérieures à V1.3 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 | ||
| Siemens | N/A | SIMATIC Route Control V8.2 | ||
| Siemens | N/A | SCALANCE X-200 switch (incl. variante SIPLUS NET) versions antérieures à V5.2.4 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V15.1 | ||
| Siemens | N/A | SIMATIC RF600 versions antérieures à V3.2.1 | ||
| Siemens | N/A | SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions antérieures à V5.4.2 | ||
| Siemens | N/A | SIMATIC ITP1000 | ||
| Siemens | N/A | SIMATIC IPC Support, Package for VxWorks | ||
| Siemens | N/A | OZW772 versions antérieures à V10.00 | ||
| Siemens | N/A | SCALANCE W700 IEEE 802.11n versions antérieures à V6.4 | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V13 versions antérieures à V13 SP2 | ||
| Siemens | N/A | SIMATIC PCS 7 V8.1 | ||
| Siemens | N/A | IE/PB LINK PN IO (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC PCS 7 V9.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU (incl. les CPUS ET200 associées et variantes SIPLUS) versions antérieures à 2.8 | ||
| Siemens | N/A | RUGGEDCOM RM1224 versions antérieures à V6.1.2 | ||
| Siemens | N/A | SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.0 | ||
| Siemens | N/A | SIMATIC RF182C | ||
| Siemens | N/A | SIMATIC IPC427D, IPC427E (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMOTION P320-4S | ||
| Siemens | N/A | PROFINET Driver for Controller versions antérieures à V2.1 Patch 03 | ||
| Siemens | N/A | SCALANCE XM-400 switch versions antérieures à V6.2.3 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC BATCH V8.1 | ||
| Siemens | N/A | SIMATIC CP 1623 versions antérieures à V14.00.15.00_51.25.00.01 | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à 7.5.1 Upd1 | ||
| Siemens | N/A | SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA | ||
| Siemens | N/A | SIPORT MP versions antérieures à V3.1.4 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V16 | ||
| Siemens | N/A | SIMATIC Route Control V8.1 | ||
| Siemens | N/A | SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU V6 et antérieures (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC BATCH V8.2 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5 Patch 01 | ||
| Siemens | N/A | SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF | ||
| Siemens | N/A | SCALANCE M-800 / S615 versions antérieures à V6.1.2 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC MV400 | ||
| Siemens | N/A | OpenPCS 7 V8.2 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller versions antérieures à 20.8 | ||
| Siemens | N/A | SIMATIC NET PC Software |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC CP 1626",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF180C",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S602, S612, S623, S627-2M, S627-2M",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V14.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4E",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OZW672 versions ant\u00e9rieures \u00e0 V10.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V4.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1628 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions ant\u00e9rieures V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1616 et CP 1604 versions ant\u00e9rieures \u00e0 V2.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Field PG M4, Field PG M5, Field PG M6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions ant\u00e9rieures \u00e0 V4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (except\u00e9 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR-500 switch versions ant\u00e9rieures \u00e0 V6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS DCP versions ant\u00e9rieures \u00e0 V1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V15.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF600 versions ant\u00e9rieures \u00e0 V3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITP1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC Support, Package for VxWorks",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OZW772 versions ant\u00e9rieures \u00e0 V10.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W700 IEEE 802.11n versions ant\u00e9rieures \u00e0 V6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "IE/PB LINK PN IO (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS) versions ant\u00e9rieures \u00e0 2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 V6.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF182C",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4S",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PROFINET Driver for Controller versions ant\u00e9rieures \u00e0 V2.1 Patch 03",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM-400 switch versions ant\u00e9rieures \u00e0 V6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1623 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 7.5.1 Upd1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPORT MP versions ant\u00e9rieures \u00e0 V3.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU V6 et ant\u00e9rieures (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5 Patch 01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M-800 / S615 versions ant\u00e9rieures \u00e0 V6.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV400",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 20.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19282"
},
{
"name": "CVE-2019-19277",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19277"
},
{
"name": "CVE-2019-13926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13926"
},
{
"name": "CVE-2019-0152",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-19281",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19281"
},
{
"name": "CVE-2019-13941",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13941"
},
{
"name": "CVE-2015-5621",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
},
{
"name": "CVE-2019-18217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18217"
},
{
"name": "CVE-2019-12815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12815"
},
{
"name": "CVE-2019-13940",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13940"
},
{
"name": "CVE-2019-19279",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19279"
},
{
"name": "CVE-2019-13925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13925"
},
{
"name": "CVE-2019-0151",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
},
{
"name": "CVE-2019-13946",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13946"
},
{
"name": "CVE-2019-6585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6585"
},
{
"name": "CVE-2020-19282",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19282"
},
{
"name": "CVE-2019-13924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
},
{
"name": "CVE-2018-18065",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-090",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-398519 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-940889 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-974843 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-270778 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-780073 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-986695 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-750824 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-951513 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-431678 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-591405 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978558 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978220 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
}
]
}
FKIE_CVE-2019-19277
Vulnerability from fkie_nvd - Published: 2020-03-10 20:15 - Updated: 2024-11-21 04:34
Severity ?
Summary
A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.
References
| URL | Tags | ||
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf | Vendor Advisory | |
| productcert@siemens.com | https://www.us-cert.gov/ics/advisories/icsa-20-042-08 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-042-08 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:siport_mp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA1E874D-BAFE-4956-860B-271187FBB2D1",
"versionEndExcluding": "3.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPORT MP (All versions \u003c 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\"service users\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIPORT MP (Todas las versiones anteriores a la versi\u00f3n 3.1.4). Las versiones vulnerables del dispositivo permiten la creaci\u00f3n de cuentas especiales (\"service users\") con privilegios administrativos que podr\u00edan permitir a un atacante autenticado remoto llevar a cabo acciones que no son visibles para otros usuarios del sistema, tales como otorgar a las personas acceso a un \u00e1rea segura."
}
],
"id": "CVE-2019-19277",
"lastModified": "2024-11-21T04:34:28.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-10T20:15:18.727",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-778"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VAR-202003-1765
Vulnerability from variot - Updated: 2023-12-18 10:49A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area. SIPORT is a comprehensive, modular and reliable system for access control and time management in the SSP Siveillance Access Suite.
Siemens SIPORT MP has a security vulnerability that could allow an attacker to create a special account with administrative privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1765",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siport mp",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "3.1.4"
},
{
"model": "siport mp",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "3.1.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "siport mp",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "44b55903-ce45-4e27-b538-287de0f9e6e5"
},
{
"db": "CNVD",
"id": "CNVD-2020-15260"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014875"
},
{
"db": "NVD",
"id": "CVE-2019-19277"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:siport_mp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19277"
}
]
},
"cve": "CVE-2019-19277",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014875",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-15260",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "44b55903-ce45-4e27-b538-287de0f9e6e5",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014875",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19277",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-014875",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-15260",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-683",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "44b55903-ce45-4e27-b538-287de0f9e6e5",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "44b55903-ce45-4e27-b538-287de0f9e6e5"
},
{
"db": "CNVD",
"id": "CNVD-2020-15260"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014875"
},
{
"db": "NVD",
"id": "CVE-2019-19277"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-683"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIPORT MP (All versions \u003c 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\"service users\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area. SIPORT is a comprehensive, modular and reliable system for access control and time management in the SSP Siveillance Access Suite. \n\r\n\r\nSiemens SIPORT MP has a security vulnerability that could allow an attacker to create a special account with administrative privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19277"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014875"
},
{
"db": "CNVD",
"id": "CNVD-2020-15260"
},
{
"db": "IVD",
"id": "44b55903-ce45-4e27-b538-287de0f9e6e5"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19277",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-08",
"trust": 3.0
},
{
"db": "SIEMENS",
"id": "SSA-978558",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2020-15260",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-683",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014875",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486.2",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-06",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-07",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-10",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-09",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-03",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-05",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-02",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-04",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "44B55903-CE45-4E27-B538-287DE0F9E6E5",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "44b55903-ce45-4e27-b538-287de0f9e6e5"
},
{
"db": "CNVD",
"id": "CNVD-2020-15260"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014875"
},
{
"db": "NVD",
"id": "CVE-2019-19277"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-683"
}
]
},
"id": "VAR-202003-1765",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "44b55903-ce45-4e27-b538-287de0f9e6e5"
},
{
"db": "CNVD",
"id": "CNVD-2020-15260"
}
],
"trust": 1.175
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "44b55903-ce45-4e27-b538-287de0f9e6e5"
},
{
"db": "CNVD",
"id": "CNVD-2020-15260"
}
]
},
"last_update_date": "2023-12-18T10:49:59.156000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-978558",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"title": "Patch for Siemens SIPORT MP Insufficient Record Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/206791"
},
{
"title": "Siemens SIPORT MP Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110721"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15260"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014875"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-683"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014875"
},
{
"db": "NVD",
"id": "CVE-2019-19277"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19277"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19277"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-04"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-03"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-02"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486.3/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15260"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014875"
},
{
"db": "NVD",
"id": "CVE-2019-19277"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-683"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "44b55903-ce45-4e27-b538-287de0f9e6e5"
},
{
"db": "CNVD",
"id": "CNVD-2020-15260"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014875"
},
{
"db": "NVD",
"id": "CVE-2019-19277"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-683"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-12T00:00:00",
"db": "IVD",
"id": "44b55903-ce45-4e27-b538-287de0f9e6e5"
},
{
"date": "2020-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15260"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014875"
},
{
"date": "2020-03-10T20:15:18.727000",
"db": "NVD",
"id": "CVE-2019-19277"
},
{
"date": "2020-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-683"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15260"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014875"
},
{
"date": "2021-11-03T18:43:01.287000",
"db": "NVD",
"id": "CVE-2019-19277"
},
{
"date": "2021-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-683"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-683"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIPORT MP Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014875"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-683"
}
],
"trust": 0.6
}
}
ICSA-20-042-08
Vulnerability from csaf_cisa - Published: 2020-02-11 00:00 - Updated: 2020-02-11 00:00Summary
Siemens SIPORT MP
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of this vulnerability could allow the attacker to create special accounts with administrative privileges.
Critical infrastructure sectors
Commercial Facilities, Government Facilities
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and
solutions, please contact the Siemens ProductCERT:
https://www.siemens.com/cert/advisories
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target this vulnerability.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could allow the attacker to create special accounts with administrative privileges.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities, Government Facilities",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and \nsolutions, please contact the Siemens ProductCERT:\n\nhttps://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-20-042-08 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-042-08.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-20-042-08 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-042-08"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "SSA-496604: SSA-978558: Insufficient Logging Vulnerability in SIPORT MP - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/SSA-978558.txt"
}
],
"title": "Siemens SIPORT MP",
"tracking": {
"current_release_date": "2020-02-11T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-20-042-08",
"initial_release_date": "2020-02-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2020-02-11T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-20-042-08 Siemens SIPORT MP"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c 3.1.4",
"product": {
"name": "SIPORT MP: All versions \u003c 3.1.4",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIPORT MP"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19277",
"cwe": {
"id": "CWE-778",
"name": "Insufficient Logging"
},
"notes": [
{
"category": "summary",
"text": "Vulnerable versions of the device allow the creation of special accounts (\"service users\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "https://support.industry.siemens.com/cs/document/109771860",
"url": "https://support.industry.siemens.com/cs/document/109771860"
},
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19277"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "For SIPORT MP versions 3.0.x, apply the latest hotfix for version 3.0.3,\navailable at https://support.industry.siemens.com/cs/document/109771281",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "For SIPORT MP versions 2.2 and later, apply the SIPORT_CleanUsers tool,\navailable at https://support.industry.siemens.com/cs/document/109771860",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to version 3.1.4 - Download: https://support.industry.siemens.com/cs/document/109771860 (login required) ",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/document/109771860"
},
{
"category": "mitigation",
"details": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
GSD-2019-19277
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-19277",
"description": "A vulnerability has been identified in SIPORT MP (All versions \u003c 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\"service users\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.",
"id": "GSD-2019-19277"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-19277"
],
"details": "A vulnerability has been identified in SIPORT MP (All versions \u003c 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\"service users\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.",
"id": "GSD-2019-19277",
"modified": "2023-12-13T01:23:54.506893Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-19277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPORT MP",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 3.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPORT MP (All versions \u003c 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\"service users\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-778: Insufficient Logging"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:siport_mp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-19277"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPORT MP (All versions \u003c 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\"service users\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
},
"lastModifiedDate": "2021-11-03T18:43Z",
"publishedDate": "2020-03-10T20:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…