var-201908-1836
Vulnerability from variot
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SIPROTEC 5 The device contains an access control vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The SiemensSIPROTEC5 is a multi-function relay. There is a security hole in SiemensSIPROTEC5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1836", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "siprotec 5 digsi device driver", scope: "eq", trust: 1.1, vendor: "siemens", version: "*", }, { model: "siprotec 5 digsi device driver", scope: null, trust: 0.8, vendor: "siemens", version: null, }, { model: "siprotec", scope: "eq", trust: 0.6, vendor: "siemens", version: "5", }, { model: null, scope: "eq", trust: 0.2, vendor: "siprotec 5 digsi device driver", version: "*", }, ], sources: [ { db: "IVD", id: "2465d402-af66-48d7-8e2c-5d4ad536de9a", }, { db: "CNVD", id: "CNVD-2019-25928", }, { db: "VULMON", id: "CVE-2019-10938", }, { db: "JVNDB", id: "JVNDB-2019-007605", }, { db: "NVD", id: "CVE-2019-10938", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:siprotec_5_digsi_device_driver:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-10938", }, ], }, cve: "CVE-2019-10938", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-10938", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2019-25928", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "IVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "2465d402-af66-48d7-8e2c-5d4ad536de9a", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.2, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.9 [IVD]", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-10938", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-10938", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2019-25928", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201908-207", trust: 0.6, value: "CRITICAL", }, { author: "IVD", id: "2465d402-af66-48d7-8e2c-5d4ad536de9a", trust: 0.2, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2019-10938", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "IVD", id: "2465d402-af66-48d7-8e2c-5d4ad536de9a", }, { db: "CNVD", id: "CNVD-2019-25928", }, { db: "VULMON", id: "CVE-2019-10938", }, { db: "JVNDB", id: "JVNDB-2019-007605", }, { db: "NVD", id: "CVE-2019-10938", }, { db: "CNNVD", id: "CNNVD-201908-207", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SIPROTEC 5 The device contains an access control vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The SiemensSIPROTEC5 is a multi-function relay. There is a security hole in SiemensSIPROTEC5", sources: [ { db: "NVD", id: "CVE-2019-10938", }, { db: "JVNDB", id: "JVNDB-2019-007605", }, { db: "CNVD", id: "CNVD-2019-25928", }, { db: "IVD", id: "2465d402-af66-48d7-8e2c-5d4ad536de9a", }, { db: "VULMON", id: "CVE-2019-10938", }, ], trust: 2.43, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-10938", trust: 3.3, }, { db: "SIEMENS", id: "SSA-632562", trust: 2.3, }, { db: "SIEMENS", id: "SSA-352504", trust: 1.7, }, { db: "CNVD", id: "CNVD-2019-25928", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201908-207", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2019-007605", trust: 0.8, }, { db: "IVD", id: "2465D402-AF66-48D7-8E2C-5D4AD536DE9A", trust: 0.2, }, { db: "VULMON", id: "CVE-2019-10938", trust: 0.1, }, ], sources: [ { db: "IVD", id: "2465d402-af66-48d7-8e2c-5d4ad536de9a", }, { db: "CNVD", id: "CNVD-2019-25928", }, { db: "VULMON", id: "CVE-2019-10938", }, { db: "JVNDB", id: "JVNDB-2019-007605", }, { db: "NVD", id: "CVE-2019-10938", }, { db: "CNNVD", id: "CNNVD-201908-207", }, ], }, id: "VAR-201908-1836", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "IVD", id: "2465d402-af66-48d7-8e2c-5d4ad536de9a", }, { db: "CNVD", id: "CNVD-2019-25928", }, ], trust: 0.08, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", "Network device", ], sub_category: null, trust: 0.6, }, { category: [ "ICS", ], sub_category: null, trust: 0.2, }, ], sources: [ { db: "IVD", id: "2465d402-af66-48d7-8e2c-5d4ad536de9a", }, { db: "CNVD", id: "CNVD-2019-25928", }, ], }, last_update_date: "2023-12-18T11:14:48.740000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SSA-632562", trust: 0.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf", }, { title: "Patch for SiemensSIPROTEC5 Access Rights Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/173137", }, { title: "SIPROTEC 5 Ethernet plug-in Repair measures for communication module security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95975", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2dd69ca01b84b80e09672fedb1c26f51", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=1f919286ef48798d96223ef4d2143337", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-25928", }, { db: "VULMON", id: "CVE-2019-10938", }, { db: "JVNDB", id: "JVNDB-2019-007605", }, { db: "CNNVD", id: "CNNVD-201908-207", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "CWE-284", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-007605", }, { db: "NVD", id: "CVE-2019-10938", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf", }, { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-10938", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10938", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/284.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://cert-portal.siemens.com/productcert/txt/ssa-352504.txt", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-25928", }, { db: "VULMON", id: "CVE-2019-10938", }, { db: "JVNDB", id: "JVNDB-2019-007605", }, { db: "NVD", id: "CVE-2019-10938", }, { db: "CNNVD", id: "CNNVD-201908-207", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "IVD", id: "2465d402-af66-48d7-8e2c-5d4ad536de9a", }, { db: "CNVD", id: "CNVD-2019-25928", }, { db: "VULMON", id: "CVE-2019-10938", }, { db: "JVNDB", id: "JVNDB-2019-007605", }, { db: "NVD", id: "CVE-2019-10938", }, { db: "CNNVD", id: "CNNVD-201908-207", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-08-05T00:00:00", db: "IVD", id: "2465d402-af66-48d7-8e2c-5d4ad536de9a", }, { date: "2019-08-05T00:00:00", db: "CNVD", id: "CNVD-2019-25928", }, { date: "2019-08-02T00:00:00", db: "VULMON", id: "CVE-2019-10938", }, { date: "2019-08-15T00:00:00", db: "JVNDB", id: "JVNDB-2019-007605", }, { date: "2019-08-02T14:15:14.147000", db: "NVD", id: "CVE-2019-10938", }, { date: "2019-08-02T00:00:00", db: "CNNVD", id: "CNNVD-201908-207", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-08-05T00:00:00", db: "CNVD", id: "CNVD-2019-25928", }, { date: "2020-10-02T00:00:00", db: "VULMON", id: "CVE-2019-10938", }, { date: "2019-08-15T00:00:00", db: "JVNDB", id: "JVNDB-2019-007605", }, { date: "2020-10-02T14:07:51.290000", db: "NVD", id: "CVE-2019-10938", }, { date: "2020-10-09T00:00:00", db: "CNNVD", id: "CNNVD-201908-207", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201908-207", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SIPROTEC 5 Access control vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2019-007605", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-201908-207", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.