ID

VAR-201903-0175


CVE

CVE-2019-6569


TITLE

Input validation vulnerability in multiple Scalance products

Trust: 0.8

sources: JVNDB: JVNDB-2019-003223

DESCRIPTION

The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior. Multiple Scalance products contain an input validation vulnerability. Information may be obtained and service operation may be interrupted (DoS). SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). A mirror port isolation vulnerability exists in several SCALANCE X switch products. Siemens SCALANCE X switches are prone to a security weakness. Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks. Failed exploit attempts will result in a denial of service condition. A vulnerability has been identified in Scalance X-200 (All versions. Siemens Scalance X-200, etc. are all products of Siemens of Germany. Scalance X-200 is an industrial grade Ethernet switch. Scalance X-300 is an industrial grade Ethernet switch. Scalance XP-200 is an Ethernet switch

Trust: 2.79

sources: NVD: CVE-2019-6569 // JVNDB: JVNDB-2019-003223 // CNVD: CNVD-2019-07008 // BID: 107465 // IVD: abd4f3db-d6ce-4f38-bd42-e5d8d0a93f0a // VULHUB: VHN-158004 // VULMON: CVE-2019-6569

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: abd4f3db-d6ce-4f38-bd42-e5d8d0a93f0a // CNVD: CNVD-2019-07008

AFFECTED PRODUCTS

vendor: siemens, model: scalance xc-200, scope: lt, version: 4.1

Trust: 1.8

vendor: siemens, model: scalance xf-200, scope: lt, version: 4.1

Trust: 1.8

vendor: siemens, model: scalance xp-200, scope: lt, version: 4.1

Trust: 1.8

vendor: siemens, model: scalance x-200, scope: lt, version: 5.2.4

Trust: 1.0

vendor: siemens, model: scalance x-300, scope: lt, version: 4.1.3

Trust: 1.0

vendor: siemens, model: scalance x-200, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x-300, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance, scope: eq, version: x-300

Trust: 0.6

vendor: siemens, model: scalance, scope: eq, version: x-200

Trust: 0.6

vendor: siemens, model: scalance xp/xc/xf-200, scope: lt, version: v4.1

Trust: 0.6

vendor: siemens, model: scalance xf-200, scope: eq, version: -

Trust: 0.3

vendor: siemens, model: scalance xc-200, scope: eq, version: 3.0

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-3000

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-2000

Trust: 0.3

vendor: siemens, model: scalance xp-200, scope: eq, version: 3.0

Trust: 0.3

vendor: siemens, model: scalance xf-200, scope: ne, version: 4.1

Trust: 0.3

vendor: scalance x 200, model: -, scope: eq, version: -

Trust: 0.2

vendor: scalance x 300, model: -, scope: eq, version: -

Trust: 0.2

vendor: scalance xp 200, model: -, scope: eq, version: *

Trust: 0.2

vendor: scalance xc 200, model: -, scope: eq, version: *

Trust: 0.2

vendor: scalance xf 200, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: abd4f3db-d6ce-4f38-bd42-e5d8d0a93f0a // CNVD: CNVD-2019-07008 // BID: 107465 // JVNDB: JVNDB-2019-003223 // NVD: CVE-2019-6569

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6569
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6569
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-07008
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201903-699
value: CRITICAL

Trust: 0.6

IVD: abd4f3db-d6ce-4f38-bd42-e5d8d0a93f0a
value: CRITICAL

Trust: 0.2

VULHUB: VHN-158004
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-6569
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6569
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-07008
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: abd4f3db-d6ce-4f38-bd42-e5d8d0a93f0a
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-158004
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6569
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-6569
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: abd4f3db-d6ce-4f38-bd42-e5d8d0a93f0a // CNVD: CNVD-2019-07008 // VULHUB: VHN-158004 // VULMON: CVE-2019-6569 // JVNDB: JVNDB-2019-003223 // CNNVD: CNNVD-201903-699 // NVD: CVE-2019-6569

PROBLEMTYPE DATA

problemtype:CWE-440

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-158004 // JVNDB: JVNDB-2019-003223 // NVD: CVE-2019-6569

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-699

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201903-699

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003223

PATCH

title: SSA-557804, url: https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdf

Trust: 0.8

title: Patches for multiple SCALANCE X switches product mirror port isolation vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/156051

Trust: 0.6

title: Multiple Siemens Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90252

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=7ae14387a55523872a9f4bd3861a6fd2

Trust: 0.1

sources: CNVD: CNVD-2019-07008 // VULMON: CVE-2019-6569 // JVNDB: JVNDB-2019-003223 // CNNVD: CNNVD-201903-699

EXTERNAL IDS

db: NVD, id: CVE-2019-6569

Trust: 3.7

db: SIEMENS, id: SSA-557804

Trust: 2.7

db: ICS CERT, id: ICSA-19-085-01

Trust: 1.8

db: BID, id: 107465

Trust: 1.1

db: CNNVD, id: CNNVD-201903-699

Trust: 0.9

db: CNVD, id: CNVD-2019-07008

Trust: 0.8

db: JVNDB, id: JVNDB-2019-003223

Trust: 0.8

db: AUSCERT, id: ESB-2019.1010.2

Trust: 0.6

db: IVD, id: ABD4F3DB-D6CE-4F38-BD42-E5D8D0A93F0A

Trust: 0.2

db: VULHUB, id: VHN-158004

Trust: 0.1

db: VULMON, id: CVE-2019-6569

Trust: 0.1

sources: IVD: abd4f3db-d6ce-4f38-bd42-e5d8d0a93f0a // CNVD: CNVD-2019-07008 // VULHUB: VHN-158004 // VULMON: CVE-2019-6569 // BID: 107465 // JVNDB: JVNDB-2019-003223 // CNNVD: CNNVD-201903-699 // NVD: CVE-2019-6569

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdf

Trust: 2.7

url:http://www.securityfocus.com/bid/107465

Trust: 1.9

url:https://ics-cert.us-cert.gov/advisories/icsa-19-085-01

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-6569

Trust: 1.4

url:http://www.siemens.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6569

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-085-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/77898

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/440.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-19-085-01

Trust: 0.1

sources: CNVD: CNVD-2019-07008 // VULHUB: VHN-158004 // VULMON: CVE-2019-6569 // BID: 107465 // JVNDB: JVNDB-2019-003223 // CNNVD: CNNVD-201903-699 // NVD: CVE-2019-6569

CREDITS

The vendor reported this issue. Siemens reported this vulnerability to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201903-699

SOURCES

db: IVD, id: abd4f3db-d6ce-4f38-bd42-e5d8d0a93f0a
db: CNVD, id: CNVD-2019-07008
db: VULHUB, id: VHN-158004
db: VULMON, id: CVE-2019-6569
db: BID, id: 107465
db: JVNDB, id: JVNDB-2019-003223
db: CNNVD, id: CNNVD-201903-699
db: NVD, id: CVE-2019-6569

LAST UPDATE DATE

2024-08-14T15:02:24.598000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-07008, date: 2019-03-13T00:00:00
db: VULHUB, id: VHN-158004, date: 2020-10-16T00:00:00
db: VULMON, id: CVE-2019-6569, date: 2022-07-12T00:00:00
db: BID, id: 107465, date: 2019-03-12T00:00:00
db: JVNDB, id: JVNDB-2019-003223, date: 2019-06-17T00:00:00
db: CNNVD, id: CNNVD-201903-699, date: 2021-10-13T00:00:00
db: NVD, id: CVE-2019-6569, date: 2022-07-12T14:15:13.240

SOURCES RELEASE DATE

db: IVD, id: abd4f3db-d6ce-4f38-bd42-e5d8d0a93f0a, date: 2019-03-13T00:00:00
db: CNVD, id: CNVD-2019-07008, date: 2019-03-13T00:00:00
db: VULHUB, id: VHN-158004, date: 2019-03-26T00:00:00
db: VULMON, id: CVE-2019-6569, date: 2019-03-26T00:00:00
db: BID, id: 107465, date: 2019-03-12T00:00:00
db: JVNDB, id: JVNDB-2019-003223, date: 2019-05-13T00:00:00
db: CNNVD, id: CNNVD-201903-699, date: 2019-03-12T00:00:00
db: NVD, id: CVE-2019-6569, date: 2019-03-26T22:29:00.833