ID

VAR-201906-1033


CVE

CVE-2019-10926


TITLE

SIMATIC Ident MV420 family and MV440 family Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005574

DESCRIPTION

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an attacker in a privileged network position which allows eavesdropping the communication between the affected device and the user. The user must invoke a session. Successful exploitation of the vulnerability compromises confidentiality of the data transmitted. SIMATIC Ident MV420 family and MV440 family Contains a cryptographic vulnerability.Information may be obtained. The Siemens SIMATIC Ident MV 420 and the Siemens SIMATIC Ident MV 440 are both a code reading system from Siemens AG, Germany. Siemens SIMATIC Ident MV420 and MV440 Families are prone to multiple security vulnerabilities. Attackers can leverage these issues to gain elevated privileges and obtain sensitive information. At the time of advisory publication no public exploitation of this security vulnerability was known

Trust: 2.7

sources: NVD: CVE-2019-10926 // JVNDB: JVNDB-2019-005574 // CNVD: CNVD-2019-21107 // BID: 108725 // IVD: 3bede54c-ec00-4da4-8f33-8ac22c396ed9 // VULHUB: VHN-142521

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 3bede54c-ec00-4da4-8f33-8ac22c396ed9 // CNVD: CNVD-2019-21107

AFFECTED PRODUCTS

vendor:siemensmodel:simatic mv420scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic mv440scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ident mv420 familyscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic ident mv440 familyscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic ident mv440scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic ident mv420scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic ident mv440scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic ident mv420scope:eqversion:0

Trust: 0.3

vendor:simatic mv420model: - scope:eqversion:*

Trust: 0.2

vendor:simatic mv440model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 3bede54c-ec00-4da4-8f33-8ac22c396ed9 // CNVD: CNVD-2019-21107 // BID: 108725 // JVNDB: JVNDB-2019-005574 // NVD: CVE-2019-10926

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10926
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-10926
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-21107
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-522
value: MEDIUM

Trust: 0.6

IVD: 3bede54c-ec00-4da4-8f33-8ac22c396ed9
value: MEDIUM

Trust: 0.2

VULHUB: VHN-142521
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-10926
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-21107
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 3bede54c-ec00-4da4-8f33-8ac22c396ed9
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142521
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10926
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 3bede54c-ec00-4da4-8f33-8ac22c396ed9 // CNVD: CNVD-2019-21107 // VULHUB: VHN-142521 // JVNDB: JVNDB-2019-005574 // CNNVD: CNNVD-201906-522 // NVD: CVE-2019-10926

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

problemtype:CWE-319

Trust: 1.0

sources: VULHUB: VHN-142521 // JVNDB: JVNDB-2019-005574 // NVD: CVE-2019-10926

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-522

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-522

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005574

PATCH

title:SSA-816980url:https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2019-005574

EXTERNAL IDS

db:NVDid:CVE-2019-10926

Trust: 3.6

db:ICS CERTid:ICSA-19-162-02

Trust: 3.4

db:SIEMENSid:SSA-816980

Trust: 2.0

db:BIDid:108725

Trust: 2.0

db:CNNVDid:CNNVD-201906-522

Trust: 0.9

db:CNVDid:CNVD-2019-21107

Trust: 0.8

db:JVNDBid:JVNDB-2019-005574

Trust: 0.8

db:IVDid:3BEDE54C-EC00-4DA4-8F33-8AC22C396ED9

Trust: 0.2

db:VULHUBid:VHN-142521

Trust: 0.1

sources: IVD: 3bede54c-ec00-4da4-8f33-8ac22c396ed9 // CNVD: CNVD-2019-21107 // VULHUB: VHN-142521 // BID: 108725 // JVNDB: JVNDB-2019-005574 // CNNVD: CNNVD-201906-522 // NVD: CVE-2019-10926

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-162-02

Trust: 3.4

url:http://www.securityfocus.com/bid/108725

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf

Trust: 2.0

url:http://www.siemens.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10926

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-10926

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-19-162-02

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-ident-information-disclosure-via-web-session-29519

Trust: 0.6

sources: CNVD: CNVD-2019-21107 // VULHUB: VHN-142521 // BID: 108725 // JVNDB: JVNDB-2019-005574 // CNNVD: CNNVD-201906-522 // NVD: CVE-2019-10926

CREDITS

The vendor reported these issues.,Siemens PSIRT reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201906-522

SOURCES

db:IVDid:3bede54c-ec00-4da4-8f33-8ac22c396ed9
db:CNVDid:CNVD-2019-21107
db:VULHUBid:VHN-142521
db:BIDid:108725
db:JVNDBid:JVNDB-2019-005574
db:CNNVDid:CNNVD-201906-522
db:NVDid:CVE-2019-10926

LAST UPDATE DATE

2024-11-23T22:41:28.852000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-21107date:2019-07-04T00:00:00
db:VULHUBid:VHN-142521date:2019-10-09T00:00:00
db:BIDid:108725date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005574date:2019-06-24T00:00:00
db:CNNVDid:CNNVD-201906-522date:2021-08-16T00:00:00
db:NVDid:CVE-2019-10926date:2024-11-21T04:20:10.120

SOURCES RELEASE DATE

db:IVDid:3bede54c-ec00-4da4-8f33-8ac22c396ed9date:2019-07-04T00:00:00
db:CNVDid:CNVD-2019-21107date:2019-07-04T00:00:00
db:VULHUBid:VHN-142521date:2019-06-12T00:00:00
db:BIDid:108725date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005574date:2019-06-24T00:00:00
db:CNNVDid:CNNVD-201906-522date:2019-06-11T00:00:00
db:NVDid:CVE-2019-10926date:2019-06-12T14:29:04.510