ID

VAR-201904-0175


CVE

CVE-2019-6570


TITLE

Siemens SINEMA Unauthorized Access Vulnerability

Trust: 0.8

sources: IVD: 7372e208-26d9-4cfc-93cd-b8e76b594c46 // CNVD: CNVD-2019-10133

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability. SINEMA Remote Connect Server contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Siemens is a leading global technology company that provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drive and software with innovation in electrification, automation and digitalization. Siemens SINEMA has an unauthorized access vulnerability that an attacker can use to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. The platform supports efficient and secure remote access to machines and equipment distributed around the world, as well as secure management of VPN tunnels between control centers, service engineers and installed equipment. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products.

Trust: 2.79

sources: NVD: CVE-2019-6570 // JVNDB: JVNDB-2019-003470 // CNVD: CNVD-2019-10133 // BID: 107843 // IVD: 7372e208-26d9-4cfc-93cd-b8e76b594c46 // VULHUB: VHN-158005 // VULMON: CVE-2019-6570

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 7372e208-26d9-4cfc-93cd-b8e76b594c46 // CNVD: CNVD-2019-10133

AFFECTED PRODUCTS

vendor: siemens, model: sinema remote connect server, scope: lt, version: 2.0

Trust: 1.8

vendor: siemens, model: sinema remote connect server, scope: lt, version: 1.2

Trust: 0.6

vendor: siemens, model: sinema remote connect server, scope: eq, version: 1.2

Trust: 0.3

vendor: siemens, model: sinema remote connect server, scope: ne, version: 2.0

Trust: 0.3

vendor: sinema remote connect server, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 7372e208-26d9-4cfc-93cd-b8e76b594c46 // CNVD: CNVD-2019-10133 // BID: 107843 // JVNDB: JVNDB-2019-003470 // NVD: CVE-2019-6570

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6570
value: HIGH

Trust: 1.0

NVD: CVE-2019-6570
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-10133
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201904-466
value: HIGH

Trust: 0.6

IVD: 7372e208-26d9-4cfc-93cd-b8e76b594c46
value: HIGH

Trust: 0.2

VULHUB: VHN-158005
value: HIGH

Trust: 0.1

VULMON: CVE-2019-6570
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6570
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-10133
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7372e208-26d9-4cfc-93cd-b8e76b594c46
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-158005
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6570
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-6570
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 7372e208-26d9-4cfc-93cd-b8e76b594c46 // CNVD: CNVD-2019-10133 // VULHUB: VHN-158005 // VULMON: CVE-2019-6570 // JVNDB: JVNDB-2019-003470 // CNNVD: CNNVD-201904-466 // NVD: CVE-2019-6570

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:CWE-280

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-158005 // JVNDB: JVNDB-2019-003470 // NVD: CVE-2019-6570

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-466

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201904-466

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003470

PATCH

title: SSA-436177, url: https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf

Trust: 0.8

title: Siemens SINEMA Unauthorized Access Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/158809

Trust: 0.6

title: Haxx libcurl Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91294

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=8a056bd2177d12192b11798b7ac3e013

Trust: 0.1

sources: CNVD: CNVD-2019-10133 // VULMON: CVE-2019-6570 // JVNDB: JVNDB-2019-003470 // CNNVD: CNNVD-201904-466

EXTERNAL IDS

db: NVD, id: CVE-2019-6570

Trust: 3.7

db: SIEMENS, id: SSA-436177

Trust: 2.7

db: ICS CERT, id: ICSA-19-099-04

Trust: 1.8

db: BID, id: 107843

Trust: 1.7

db: CNNVD, id: CNNVD-201904-466

Trust: 0.9

db: CNVD, id: CNVD-2019-10133

Trust: 0.8

db: JVNDB, id: JVNDB-2019-003470

Trust: 0.8

db: AUSCERT, id: ESB-2019.1221

Trust: 0.6

db: IVD, id: 7372E208-26D9-4CFC-93CD-B8E76B594C46

Trust: 0.2

db: VULHUB, id: VHN-158005

Trust: 0.1

db: VULMON, id: CVE-2019-6570

Trust: 0.1

sources: IVD: 7372e208-26d9-4cfc-93cd-b8e76b594c46 // CNVD: CNVD-2019-10133 // VULHUB: VHN-158005 // VULMON: CVE-2019-6570 // BID: 107843 // JVNDB: JVNDB-2019-003470 // CNNVD: CNNVD-201904-466 // NVD: CVE-2019-6570

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf

Trust: 2.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-6570

Trust: 1.4

url:https://ics-cert.us-cert.gov/advisories/icsa-19-099-04

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6570

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-099-04

Trust: 0.8

url:https://www.securityfocus.com/bid/107843

Trust: 0.7

url:https://us-cert.cisa.gov/ics/advisories/icsa-19-099-04

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78786

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/280.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-10133 // VULHUB: VHN-158005 // VULMON: CVE-2019-6570 // BID: 107843 // JVNDB: JVNDB-2019-003470 // CNNVD: CNNVD-201904-466 // NVD: CVE-2019-6570

CREDITS

Siemens ProductCERT reported these vulnerabilities to NCCIC.,Siemens

Trust: 0.6

sources: CNNVD: CNNVD-201904-466

SOURCES

db: IVD, id: 7372e208-26d9-4cfc-93cd-b8e76b594c46
db: CNVD, id: CNVD-2019-10133
db: VULHUB, id: VHN-158005
db: VULMON, id: CVE-2019-6570
db: BID, id: 107843
db: JVNDB, id: JVNDB-2019-003470
db: CNNVD, id: CNNVD-201904-466
db: NVD, id: CVE-2019-6570

LAST UPDATE DATE

2024-11-23T21:18:59.392000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-10133, date: 2019-04-17T00:00:00
db: VULHUB, id: VHN-158005, date: 2020-10-06T00:00:00
db: VULMON, id: CVE-2019-6570, date: 2021-03-15T00:00:00
db: BID, id: 107843, date: 2019-04-09T00:00:00
db: JVNDB, id: JVNDB-2019-003470, date: 2019-07-08T00:00:00
db: CNNVD, id: CNNVD-201904-466, date: 2021-03-19T00:00:00
db: NVD, id: CVE-2019-6570, date: 2024-11-21T04:46:43.400

SOURCES RELEASE DATE

db: IVD, id: 7372e208-26d9-4cfc-93cd-b8e76b594c46, date: 2019-04-17T00:00:00
db: CNVD, id: CNVD-2019-10133, date: 2019-04-17T00:00:00
db: VULHUB, id: VHN-158005, date: 2019-04-17T00:00:00
db: VULMON, id: CVE-2019-6570, date: 2019-04-17T00:00:00
db: BID, id: 107843, date: 2019-04-09T00:00:00
db: JVNDB, id: JVNDB-2019-003470, date: 2019-05-17T00:00:00
db: CNNVD, id: CNNVD-201904-466, date: 2019-04-09T00:00:00
db: NVD, id: CVE-2019-6570, date: 2019-04-17T14:29:03.730