var-201909-1432
Vulnerability from variot
A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC TDC CP51M1 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SIMATIC TDC CP51M1 is an industrial Ethernet communication module for the SIMATIC TDC automation system from Siemens AG, Germany. An input validation error vulnerability exists in the Siemens SIMATIC TDC CP51M1 version prior to 1.1.7
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-1432", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic tdc cp51m1", "scope": "lt", "trust": 2.4, "vendor": "siemens", "version": "1.1.7" }, { "model": "simatic tdc cp51m1", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic tdc cp51m1", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7a208d00-84ef-4b64-978a-6512224c25cd" }, { "db": "CNVD", "id": "CNVD-2019-31387" }, { "db": "JVNDB", "id": "JVNDB-2019-009301" }, { "db": "NVD", "id": "CVE-2019-10937" }, { "db": "CNNVD", "id": "CNNVD-201909-434" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cp51m1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-10937" } ] }, "cve": "CVE-2019-10937", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-10937", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-31387", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "7a208d00-84ef-4b64-978a-6512224c25cd", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-10937", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-10937", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-31387", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201909-434", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7a208d00-84ef-4b64-978a-6512224c25cd", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7a208d00-84ef-4b64-978a-6512224c25cd" }, { "db": "CNVD", "id": "CNVD-2019-31387" }, { "db": "JVNDB", "id": "JVNDB-2019-009301" }, { "db": "NVD", "id": "CVE-2019-10937" }, { "db": "CNNVD", "id": "CNNVD-201909-434" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions \u003c V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC TDC CP51M1 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SIMATIC TDC CP51M1 is an industrial Ethernet communication module for the SIMATIC TDC automation system from Siemens AG, Germany. An input validation error vulnerability exists in the Siemens SIMATIC TDC CP51M1 version prior to 1.1.7", "sources": [ { "db": "NVD", "id": "CVE-2019-10937" }, { "db": "JVNDB", "id": "JVNDB-2019-009301" }, { "db": "CNVD", "id": "CNVD-2019-31387" }, { "db": "IVD", "id": "7a208d00-84ef-4b64-978a-6512224c25cd" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-10937", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-19-253-05", "trust": 3.0 }, { "db": "SIEMENS", "id": "SSA-250618", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2019-31387", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201909-434", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-009301", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.3446", "trust": 0.6 }, { "db": "IVD", "id": "7A208D00-84EF-4B64-978A-6512224C25CD", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "7a208d00-84ef-4b64-978a-6512224c25cd" }, { "db": "CNVD", "id": "CNVD-2019-31387" }, { "db": "JVNDB", "id": "JVNDB-2019-009301" }, { "db": "NVD", "id": "CVE-2019-10937" }, { "db": "CNNVD", "id": "CNNVD-201909-434" } ] }, "id": "VAR-201909-1432", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7a208d00-84ef-4b64-978a-6512224c25cd" }, { "db": "CNVD", "id": "CNVD-2019-31387" } ], "trust": 1.4363636 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "7a208d00-84ef-4b64-978a-6512224c25cd" }, { "db": "CNVD", "id": "CNVD-2019-31387" } ] }, "last_update_date": "2023-12-18T13:13:18.048000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-250618", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf" }, { "title": "Siemens SIMATIC TDC CP51M1 input verification error vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/180401" }, { "title": "Siemens SIMATIC TDC CP51M1 Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98028" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-31387" }, { "db": "JVNDB", "id": "JVNDB-2019-009301" }, { "db": "CNNVD", "id": "CNNVD-201909-434" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009301" }, { "db": "NVD", "id": "CVE-2019-10937" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-05" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10937" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10937" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3446/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-tdc-cp51m1-denial-of-service-via-udp-30285" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-31387" }, { "db": "JVNDB", "id": "JVNDB-2019-009301" }, { "db": "NVD", "id": "CVE-2019-10937" }, { "db": "CNNVD", "id": "CNNVD-201909-434" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7a208d00-84ef-4b64-978a-6512224c25cd" }, { "db": "CNVD", "id": "CNVD-2019-31387" }, { "db": "JVNDB", "id": "JVNDB-2019-009301" }, { "db": "NVD", "id": "CVE-2019-10937" }, { "db": "CNNVD", "id": "CNNVD-201909-434" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-16T00:00:00", "db": "IVD", "id": "7a208d00-84ef-4b64-978a-6512224c25cd" }, { "date": "2019-09-16T00:00:00", "db": "CNVD", "id": "CNVD-2019-31387" }, { "date": "2019-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009301" }, { "date": "2019-09-13T17:15:11.427000", "db": "NVD", "id": "CVE-2019-10937" }, { "date": "2019-09-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-434" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-16T00:00:00", "db": "CNVD", "id": "CNVD-2019-31387" }, { "date": "2019-10-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009301" }, { "date": "2019-09-24T20:15:11.620000", "db": "NVD", "id": "CVE-2019-10937" }, { "date": "2019-09-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-434" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-434" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC TDC CP51M1 Input validation error vulnerability", "sources": [ { "db": "IVD", "id": "7a208d00-84ef-4b64-978a-6512224c25cd" }, { "db": "CNNVD", "id": "CNNVD-201909-434" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation error", "sources": [ { "db": "IVD", "id": "7a208d00-84ef-4b64-978a-6512224c25cd" }, { "db": "CNNVD", "id": "CNNVD-201909-434" } ], "trust": 0.8 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.