Sign-up

ID

VAR-201907-1453


CVE

CVE-2019-10930


TITLE

SIPROTEC 5 Device and DIGSI 5 engineering software Vulnerable to unlimited upload of dangerous types of files

Trust: 0.8

sources: JVNDB: JVNDB-2019-006588

DESCRIPTION

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system. SIPROTEC 5 Device and DIGSI 5 engineering software Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Siemens SIPROTEC 5 and Siemens DIGISI 5 are products of Siemens AG, Germany. The SiemensSIPROTEC5 is a multi-function relay. The SiemensDIGISI5 is a user interface for Siemens SIPROTEC devices. There are unexplained vulnerabilities in several Siemens products

Trust: 2.34

sources: NVD: CVE-2019-10930 // JVNDB: JVNDB-2019-006588 // CNVD: CNVD-2019-22237 // IVD: ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e // CNVD: CNVD-2019-22237

AFFECTED PRODUCTS

vendor:siemensmodel:digsi 5 engineering softwarescope:eqversion:7.90

Trust: 1.0

vendor:siemensmodel:siprotec 5 digsi device driverscope:eqversion:7.90

Trust: 1.0

vendor:siemensmodel:digsi 5 engineering softwarescope: - version: -

Trust: 0.8

vendor:siemensmodel:siprotec 5 digsi device driverscope: - version: -

Trust: 0.8

vendor:siemensmodel:digsiscope:eqversion:5<v7.90

Trust: 0.6

vendor:siemensmodel:siprotecscope:eqversion:5

Trust: 0.6

vendor:digsi 5 engineeringmodel: - scope:eqversion:7.90

Trust: 0.2

vendor:siprotec 5 digsi device drivermodel: - scope:eqversion:7.90

Trust: 0.2

sources: IVD: ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e // CNVD: CNVD-2019-22237 // JVNDB: JVNDB-2019-006588 // NVD: CVE-2019-10930

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10930
value: HIGH

Trust: 1.0

NVD: CVE-2019-10930
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-22237
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-516
value: HIGH

Trust: 0.6

IVD: ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-10930
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-22237
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-10930
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e // CNVD: CNVD-2019-22237 // JVNDB: JVNDB-2019-006588 // CNNVD: CNNVD-201907-516 // NVD: CVE-2019-10930

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.8

problemtype:CWE-552

Trust: 1.0

sources: JVNDB: JVNDB-2019-006588 // NVD: CVE-2019-10930

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-516

TYPE

Code problem

Trust: 0.8

sources: IVD: ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e // CNNVD: CNNVD-201907-516

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006588

PATCH
title:SSA-899560url:https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf
Trust: 0.8
title:Patches for unidentified vulnerabilities in various Siemens productsurl:https://www.cnvd.org.cn/patchInfo/show/168529
Trust: 0.6
title:Multiple Siemens Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94650
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-22237 // 
            
            
            
            JVNDB: JVNDB-2019-006588 // 
            
            
            
            CNNVD: CNNVD-201907-516

EXTERNAL IDS
db:NVDid:CVE-2019-10930
Trust: 3.2
db:SIEMENSid:SSA-899560
Trust: 2.2
db:ICS CERTid:ICSA-19-190-05
Trust: 1.4
db:CNVDid:CNVD-2019-22237
Trust: 0.8
db:CNNVDid:CNNVD-201907-516
Trust: 0.8
db:JVNDBid:JVNDB-2019-006588
Trust: 0.8
db:AUSCERTid:ESB-2019.2525
Trust: 0.6
db:IVDid:EA3A54D8-AC1E-48AE-B00D-1A02DFDE6E0E
Trust: 0.2
sources:
            
            
            IVD: ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e // 
            
            
            
            CNVD: CNVD-2019-22237 // 
            
            
            
            JVNDB: JVNDB-2019-006588 // 
            
            
            
            CNNVD: CNNVD-201907-516 // 
            
            
            
            NVD: CVE-2019-10930

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf
Trust: 2.2
url:https://www.us-cert.gov/ics/advisories/icsa-19-190-05
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-10930
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10930
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.2525/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-22237 // 
            
            
            
            JVNDB: JVNDB-2019-006588 // 
            
            
            
            CNNVD: CNNVD-201907-516 // 
            
            
            
            NVD: CVE-2019-10930

SOURCES
db:IVDid:ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e
db:CNVDid:CNVD-2019-22237
db:JVNDBid:JVNDB-2019-006588
db:CNNVDid:CNNVD-201907-516
db:NVDid:CVE-2019-10930

LAST UPDATE DATE
2024-11-23T22:06:07.137000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-22237date:2019-07-12T00:00:00
db:JVNDBid:JVNDB-2019-006588date:2019-08-06T00:00:00
db:CNNVDid:CNNVD-201907-516date:2020-06-12T00:00:00
db:NVDid:CVE-2019-10930date:2024-11-21T04:20:10.640

SOURCES RELEASE DATE
db:IVDid:ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0edate:2019-07-12T00:00:00
db:CNVDid:CNVD-2019-22237date:2019-07-12T00:00:00
db:JVNDBid:JVNDB-2019-006588date:2019-07-24T00:00:00
db:CNNVDid:CNNVD-201907-516date:2019-07-09T00:00:00
db:NVDid:CVE-2019-10930date:2019-07-11T22:15:11.560