VAR-201910-0917
Vulnerability from variot - Updated: 2023-12-18 13:38A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC IT UADM Contains a vulnerability related to information disclosure from the cache.Information may be obtained. Siemens SIMATIC IT Unified Architecture Discrete Manufacturing (UADM) is a set of Manufacturing Execution System (MES) solutions from Siemens, Germany.
A password storage vulnerability exists in Siemens SIMATIC IT UADM
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0917",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic it uadm",
"scope": "lt",
"trust": 2.4,
"vendor": "siemens",
"version": "1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic it uadm",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_it_uadm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13929"
}
]
},
"cve": "CVE-2019-13929",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-13929",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-34596",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13929",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13929",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-34596",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-417",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-13929",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC IT UADM (All versions \u003c V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC IT UADM Contains a vulnerability related to information disclosure from the cache.Information may be obtained. Siemens SIMATIC IT Unified Architecture Discrete Manufacturing (UADM) is a set of Manufacturing Execution System (MES) solutions from Siemens, Germany. \n\nA password storage vulnerability exists in Siemens SIMATIC IT UADM",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13929",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-984700",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-281-04",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2019-34596",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.3779",
"trust": 0.6
},
{
"db": "IVD",
"id": "2B632D60-B3F0-452D-A02A-CA327AEF1C0B",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-13929",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
]
},
"id": "VAR-201910-0917",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
}
],
"trust": 1.4666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
}
]
},
"last_update_date": "2023-12-18T13:38:06.777000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-984700",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf"
},
{
"title": "Patch for Siemens SIMATIC IT UADM password storage vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/184349"
},
{
"title": "Siemens SIMATIC IT Unified Architecture Discrete Manufacturing Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99084"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=218cc8b0370afec50119bc253e2d9c78"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.0
},
{
"problemtype": "CWE-522",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13929"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-281-04"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13929"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3779/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-it-uadm-privilege-escalation-via-password-recovery-30561"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110371"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"date": "2019-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"date": "2019-10-10T14:15:14.860000",
"db": "NVD",
"id": "CVE-2019-13929"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"date": "2019-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"date": "2020-10-16T13:16:22.770000",
"db": "NVD",
"id": "CVE-2019-13929"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC IT UADM Password storage vulnerability",
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…