ICSA-19-225-03
Vulnerability from csaf_cisa - Published: 2019-08-13 00:00 - Updated: 2022-02-10 00:00Summary
ICSA-19-225-03_Siemens SCALANCE X Switches (Update D)
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary: Younes Dragoni and Alessandro Di Pinto from Nozomi Networks and Artem Zinenko from Kaspersky reported these vulnerability details to Siemens.
Exploitability: No known public exploits specifically target this vulnerability.
8.6 (High)
Mitigation
Siemens recommends users configure their environment according to Siemens ' operational guidelines for industrial security and follow the recommendations in the product manuals.
https://cert-portal.siemens.com/operational-guide…
References
Acknowledgments
Nozomi Networks
Younes Dragoni
Alessandro Di Pinto
Kaspersky
Artem Zinenko
{
"document": {
"acknowledgments": [
{
"names": [
"Younes Dragoni",
"Alessandro Di Pinto"
],
"organization": "Nozomi Networks",
"summary": "reporting these vulnerability details to Siemens"
},
{
"names": [
"Artem Zinenko"
],
"organization": "Kaspersky",
"summary": "reporting these vulnerability details to Siemens"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "summary",
"text": "Younes Dragoni and Alessandro Di Pinto from Nozomi Networks and Artem Zinenko from Kaspersky reported these vulnerability details to Siemens.",
"title": "Summary"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "CISAservicedesk@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-225-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-225-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-225-03 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-225-03"
}
],
"title": "ICSA-19-225-03_Siemens SCALANCE X Switches (Update D)",
"tracking": {
"current_release_date": "2022-02-10T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA USCert CSAF Generator",
"version": "1"
}
},
"id": "ICSA-19-225-03",
"initial_release_date": "2019-08-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-08-13T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-225-03 Siemens SCALANCE X Switches"
},
{
"date": "2019-08-20T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-19-225-03 Siemens SCALANCE X Switches (Update A)"
},
{
"date": "2021-02-09T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "ICSA-19-225-03 Siemens SCALANCE X Switches (Update B)"
},
{
"date": "2021-09-14T00:00:00.000000Z",
"legacy_version": "C",
"number": "4",
"summary": "ICSA-19-225-03 Siemens SCALANCE X Switches (Update C)"
},
{
"date": "2022-02-10T00:00:00.000000Z",
"legacy_version": "D",
"number": "5",
"summary": "ICSA-19-225-03 Siemens SCALANCE X Switches (Update D)"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X-200RNA: All versions",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200RNA"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X204RNA EEC (PRP) (6GK5204-0BS00-3LA3): All versions",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SCALANCE X204RNA EEC (PRP) (6GK5204-0BS00-3LA3)"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X204RNA (PRP) (6GK5204-0BA00-2KB2): All versions",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SCALANCE X204RNA (PRP) (6GK5204-0BA00-2KB2)"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X204RNA (HSR) (6GK5204-0BA00-2MB2): All versions",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SCALANCE X204RNA (HSR) (6GK5204-0BA00-2MB2)"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X204RNA EEC (PRP/HSR) (6GK5204-0BS00-3PA3): All versions",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SCALANCE X204RNA EEC (PRP/HSR) (6GK5204-0BS00-3PA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 5.5.0",
"product": {
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants): All versions prior to 5.5.0",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X204RNA EEC (HSR) (6GK5204-0BS00-2NA3): All versions",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SCALANCE X204RNA EEC (HSR) (6GK5204-0BS00-2NA3)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10942",
"cwe": {
"id": "CWE-410",
"name": "Insufficient Resource Pool"
},
"notes": [
{
"category": "summary",
"text": "An attacker may send large message packages repeatedly to the telnet service, which may allow a denial-of-service condition.CVE-2019-10942 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens recommends users configure their environment according to Siemens \u0027 operational guidelines for industrial security and follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
],
"title": "CVE-2019-10942"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…