Details of VAR-201906-0210

ID

VAR-201906-0210

CVE

CVE-2019-6567

TITLE

Siemens SCALANCE X Switches Local Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // CNVD: CNVD-2019-17149

DESCRIPTION

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. plural SCALANCE The product contains vulnerabilities related to certificate and password management.Information may be obtained. SiemensSCALANCEXswitches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). A local information disclosure vulnerability exists in SiemensSCALANCEXSwitches. Local attackers can exploit vulnerabilities to obtain sensitive information. Siemens SCALANCE X Switches are prone to an local information-disclosure vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. A trust management issue vulnerability exists in several Siemens products due to the program storing passwords in a recoverable format

Trust: 2.7

sources: NVD: CVE-2019-6567 // JVNDB: JVNDB-2019-005572 // CNVD: CNVD-2019-17149 // BID: 108726 // IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // VULHUB: VHN-158002

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // CNVD: CNVD-2019-17149

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance x-200	scope:	lt	version:	5.2.4	Trust: 1.8
vendor:	siemens	model:	scalance x-414-3e	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	scalance x-200irt	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x-300	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x-414-3e	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x200 irt	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x300	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance	scope:	eq	version:	x-300	Trust: 0.6
vendor:	siemens	model:	scalance	scope:	eq	version:	x-200<v5.2.4	Trust: 0.6
vendor:	siemens	model:	scalance x-200irt	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance x-414-3e	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x-3000	Trust: 0.3
vendor:	siemens	model:	scalance x-200irt	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x-2005.2.3	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	eq	version:	x-2004.5	Trust: 0.3
vendor:	siemens	model:	scalance	scope:	ne	version:	x-2005.2.4	Trust: 0.3
vendor:	scalance x 200	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance x 200irt	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance x 300	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance x 414 3e	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // CNVD: CNVD-2019-17149 // BID: 108726 // JVNDB: JVNDB-2019-005572 // NVD: CVE-2019-6567

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6567
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-6567
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-17149
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201906-517
value:	MEDIUM
Trust: 0.6
IVD:	837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-158002
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-6567
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-17149
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-158002
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6567
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6567
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // CNVD: CNVD-2019-17149 // VULHUB: VHN-158002 // JVNDB: JVNDB-2019-005572 // CNNVD: CNNVD-201906-517 // NVD: CVE-2019-6567

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-257	Trust: 1.0
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-158002 // JVNDB: JVNDB-2019-005572 // NVD: CVE-2019-6567

THREAT TYPE

local

Trust: 0.9

sources: BID: 108726 // CNNVD: CNNVD-201906-517

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-517

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005572

PATCH

title:	SSA-646841	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf	Trust: 0.8
title:	Patch for SiemensSCALANCEXSwitches Local Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/163431	Trust: 0.6

sources: CNVD: CNVD-2019-17149 // JVNDB: JVNDB-2019-005572

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6567	Trust: 3.6
db:	SIEMENS	id:	SSA-646841	Trust: 2.6
db:	ICS CERT	id:	ICSA-19-162-04	Trust: 1.7
db:	BID	id:	108726	Trust: 1.0
db:	CNNVD	id:	CNNVD-201906-517	Trust: 0.9
db:	CNVD	id:	CNVD-2019-17149	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-005572	Trust: 0.8
db:	IVD	id:	837D970C-B3A2-4F6A-AA55-5BFC45DCB3B6	Trust: 0.2
db:	VULHUB	id:	VHN-158002	Trust: 0.1

sources: IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // CNVD: CNVD-2019-17149 // VULHUB: VHN-158002 // BID: 108726 // JVNDB: JVNDB-2019-005572 // CNNVD: CNNVD-201906-517 // NVD: CVE-2019-6567

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf	Trust: 2.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-162-04	Trust: 1.4
url:	http://subscriber.communications.siemens.com/	Trust: 0.9
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-162-04	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6567	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6567	Trust: 0.8
url:	https://www.securityfocus.com/bid/108726	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-19-162-04	Trust: 0.6

sources: CNVD: CNVD-2019-17149 // VULHUB: VHN-158002 // BID: 108726 // JVNDB: JVNDB-2019-005572 // CNNVD: CNNVD-201906-517 // NVD: CVE-2019-6567

CREDITS

Christopher Wade from Pen Test Partners,Siemens thanks Christopher Wade from Pen Test Partners for coordinated disclosure. Siemens reported this vulnerability to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201906-517

SOURCES

db:	IVD	id:	837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6
db:	CNVD	id:	CNVD-2019-17149
db:	VULHUB	id:	VHN-158002
db:	BID	id:	108726
db:	JVNDB	id:	JVNDB-2019-005572
db:	CNNVD	id:	CNNVD-201906-517
db:	NVD	id:	CVE-2019-6567

LAST UPDATE DATE

2024-08-14T15:28:36.223000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-17149	date:	2019-06-13T00:00:00
db:	VULHUB	id:	VHN-158002	date:	2020-10-06T00:00:00
db:	BID	id:	108726	date:	2019-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-005572	date:	2019-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201906-517	date:	2021-02-18T00:00:00
db:	NVD	id:	CVE-2019-6567	date:	2021-02-09T18:15:16.183

SOURCES RELEASE DATE

db:	IVD	id:	837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6	date:	2019-06-13T00:00:00
db:	CNVD	id:	CNVD-2019-17149	date:	2019-06-13T00:00:00
db:	VULHUB	id:	VHN-158002	date:	2019-06-12T00:00:00
db:	BID	id:	108726	date:	2019-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-005572	date:	2019-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201906-517	date:	2019-06-11T00:00:00
db:	NVD	id:	CVE-2019-6567	date:	2019-06-12T14:29:04.820