ID

VAR-201906-0210


CVE

CVE-2019-6567


TITLE

Siemens SCALANCE X Switches Local Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // CNVD: CNVD-2019-17149

DESCRIPTION

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. Multiple SCALANCE products contain vulnerabilities related to certificate and password management. Information may be obtained. Siemens SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). A local information disclosure vulnerability exists in Siemens SCALANCE X Switches. Local attackers can exploit the vulnerability to obtain sensitive information. Siemens SCALANCE X Switches are prone to a local information-disclosure vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. A trust management issue vulnerability exists in several Siemens products due to the program storing passwords in a recoverable format.

Trust: 2.7

sources: NVD: CVE-2019-6567 // JVNDB: JVNDB-2019-005572 // CNVD: CNVD-2019-17149 // BID: 108726 // IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // VULHUB: VHN-158002

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // CNVD: CNVD-2019-17149

AFFECTED PRODUCTS

vendor: siemens, model: scalance x-200, scope: lt, version: 5.2.4

Trust: 1.8

vendor: siemens, model: scalance x-414-3e, scope: -, version: -

Trust: 1.4

vendor: siemens, model: scalance x-200irt, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance x-300, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance x-414-3e, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: scalance x200 irt, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance x300, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance, scope: eq, version: x-300

Trust: 0.6

vendor: siemens, model: scalance, scope: eq, version: x-200<v5.2.4

Trust: 0.6

vendor: siemens, model: scalance x-200irt, scope: -, version: -

Trust: 0.6

vendor: siemens, model: scalance x-414-3e, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-3000

Trust: 0.3

vendor: siemens, model: scalance x-200irt, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-2005.2.3

Trust: 0.3

vendor: siemens, model: scalance, scope: eq, version: x-2004.5

Trust: 0.3

vendor: siemens, model: scalance, scope: ne, version: x-2005.2.4

Trust: 0.3

vendor: scalance x 200, model: -, scope: eq, version: *

Trust: 0.2

vendor: scalance x 200irt, model: -, scope: eq, version: *

Trust: 0.2

vendor: scalance x 300, model: -, scope: eq, version: *

Trust: 0.2

vendor: scalance x 414 3e, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // CNVD: CNVD-2019-17149 // BID: 108726 // JVNDB: JVNDB-2019-005572 // NVD: CVE-2019-6567

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6567
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6567
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-17149
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-517
value: MEDIUM

Trust: 0.6

IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6
value: MEDIUM

Trust: 0.2

VULHUB: VHN-158002
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-6567
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-17149
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-158002
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6567
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6567
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // CNVD: CNVD-2019-17149 // VULHUB: VHN-158002 // JVNDB: JVNDB-2019-005572 // CNNVD: CNNVD-201906-517 // NVD: CVE-2019-6567

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-257

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-158002 // JVNDB: JVNDB-2019-005572 // NVD: CVE-2019-6567

THREAT TYPE

local

Trust: 0.9

sources: BID: 108726 // CNNVD: CNNVD-201906-517

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-517

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005572

PATCH

title: SSA-646841, url: https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf

Trust: 0.8

title: Patch for Siemens SCALANCE X Switches Local Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/163431

Trust: 0.6

sources: CNVD: CNVD-2019-17149 // JVNDB: JVNDB-2019-005572

EXTERNAL IDS

db: NVD, id: CVE-2019-6567

Trust: 3.6

db: SIEMENS, id: SSA-646841

Trust: 2.6

db: ICS CERT, id: ICSA-19-162-04

Trust: 1.7

db: BID, id: 108726

Trust: 1.0

db: CNNVD, id: CNNVD-201906-517

Trust: 0.9

db: CNVD, id: CNVD-2019-17149

Trust: 0.8

db: JVNDB, id: JVNDB-2019-005572

Trust: 0.8

db: IVD, id: 837D970C-B3A2-4F6A-AA55-5BFC45DCB3B6

Trust: 0.2

db: VULHUB, id: VHN-158002

Trust: 0.1

sources: IVD: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6 // CNVD: CNVD-2019-17149 // VULHUB: VHN-158002 // BID: 108726 // JVNDB: JVNDB-2019-005572 // CNNVD: CNNVD-201906-517 // NVD: CVE-2019-6567

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf

Trust: 2.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-162-04

Trust: 1.4

url:http://subscriber.communications.siemens.com/

Trust: 0.9

url:https://ics-cert.us-cert.gov/advisories/icsa-19-162-04

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6567

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6567

Trust: 0.8

url:https://www.securityfocus.com/bid/108726

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-19-162-04

Trust: 0.6

sources: CNVD: CNVD-2019-17149 // VULHUB: VHN-158002 // BID: 108726 // JVNDB: JVNDB-2019-005572 // CNNVD: CNNVD-201906-517 // NVD: CVE-2019-6567

CREDITS

Christopher Wade from Pen Test Partners, Siemens thanks Christopher Wade from Pen Test Partners for coordinated disclosure. Siemens reported this vulnerability to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201906-517

SOURCES

db: IVD, id: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6
db: CNVD, id: CNVD-2019-17149
db: VULHUB, id: VHN-158002
db: BID, id: 108726
db: JVNDB, id: JVNDB-2019-005572
db: CNNVD, id: CNNVD-201906-517
db: NVD, id: CVE-2019-6567

LAST UPDATE DATE

2024-08-14T15:28:36.223000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-17149, date: 2019-06-13T00:00:00
db: VULHUB, id: VHN-158002, date: 2020-10-06T00:00:00
db: BID, id: 108726, date: 2019-06-11T00:00:00
db: JVNDB, id: JVNDB-2019-005572, date: 2019-07-09T00:00:00
db: CNNVD, id: CNNVD-201906-517, date: 2021-02-18T00:00:00
db: NVD, id: CVE-2019-6567, date: 2021-02-09T18:15:16.183

SOURCES RELEASE DATE

db: IVD, id: 837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6, date: 2019-06-13T00:00:00
db: CNVD, id: CNVD-2019-17149, date: 2019-06-13T00:00:00
db: VULHUB, id: VHN-158002, date: 2019-06-12T00:00:00
db: BID, id: 108726, date: 2019-06-11T00:00:00
db: JVNDB, id: JVNDB-2019-005572, date: 2019-06-24T00:00:00
db: CNNVD, id: CNNVD-201906-517, date: 2019-06-11T00:00:00
db: NVD, id: CVE-2019-6567, date: 2019-06-12T14:29:04.820