VAR-202001-1486
Vulnerability from variot - Updated: 2023-12-18 13:52A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known. SINEMA Server Contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SINEMA Server is the network management software designed by Siemens for Industrial Ethernet. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1486",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinema server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "sinema server sp2 update",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "v14.01"
},
{
"model": "sinema server",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "14.0 sp2 update 1"
}
],
"sources": [
{
"db": "IVD",
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a"
},
{
"db": "CNVD",
"id": "CNVD-2020-02224"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014225"
},
{
"db": "NVD",
"id": "CVE-2019-10940"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_server:14.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_server:14.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10940"
}
]
},
"cve": "CVE-2019-10940",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-10940",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-02224",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.9,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10940",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10940",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-02224",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-536",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a"
},
{
"db": "CNVD",
"id": "CNVD-2020-02224"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014225"
},
{
"db": "NVD",
"id": "CVE-2019-10940"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-536"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SINEMA Server (All versions \u003c V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known. SINEMA Server Contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SINEMA Server is the network management software designed by Siemens for Industrial Ethernet. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10940"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014225"
},
{
"db": "CNVD",
"id": "CNVD-2020-02224"
},
{
"db": "IVD",
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10940",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-014-02",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-880233",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2020-02224",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-536",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014225",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0157",
"trust": 0.6
},
{
"db": "IVD",
"id": "FE5704E0-4E6D-4125-A613-57BA8AD43D7A",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a"
},
{
"db": "CNVD",
"id": "CNVD-2020-02224"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014225"
},
{
"db": "NVD",
"id": "CVE-2019-10940"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-536"
}
]
},
"id": "VAR-202001-1486",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a"
},
{
"db": "CNVD",
"id": "CNVD-2020-02224"
}
],
"trust": 1.43035714
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a"
},
{
"db": "CNVD",
"id": "CNVD-2020-02224"
}
]
},
"last_update_date": "2023-12-18T13:52:04.263000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-880233",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf"
},
{
"title": "Patch for SIEMENS SINEMA Server Incorrect Session Authentication Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/197091"
},
{
"title": "Siemens SINEMA Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108523"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02224"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014225"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-536"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014225"
},
{
"db": "NVD",
"id": "CVE-2019-10940"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-02"
},
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10940"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10940"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0157/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02224"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014225"
},
{
"db": "NVD",
"id": "CVE-2019-10940"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-536"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a"
},
{
"db": "CNVD",
"id": "CNVD-2020-02224"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014225"
},
{
"db": "NVD",
"id": "CVE-2019-10940"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-536"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-14T00:00:00",
"db": "IVD",
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a"
},
{
"date": "2020-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02224"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014225"
},
{
"date": "2020-01-16T16:15:15.887000",
"db": "NVD",
"id": "CVE-2019-10940"
},
{
"date": "2020-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-536"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02224"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014225"
},
{
"date": "2021-09-20T12:15:09.710000",
"db": "NVD",
"id": "CVE-2019-10940"
},
{
"date": "2021-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-536"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-536"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIEMENS SINEMA Server Incorrect Session Authentication Vulnerability",
"sources": [
{
"db": "IVD",
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a"
},
{
"db": "CNVD",
"id": "CNVD-2020-02224"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "fe5704e0-4e6d-4125-a613-57ba8ad43d7a"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-536"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…