ID

VAR-201907-1455


CVE

CVE-2019-10935


TITLE

plural SIMATIC Product unrestricted upload vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006590

DESCRIPTION

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known. plural SIMATIC The product contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC PCS 7 and SIMATIC WinCC are products of Siemens AG, Germany. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. The SIMATIC WinCC DataMonitor web is one of the data analysis and display components. A security vulnerability exists in the SIMATIC WinCC DataMonitor web in several Siemens products. Siemens SIMATIC WinCC and SIMATIC PCS 7 are prone to an arbitrary file-upload vulnerability

Trust: 2.79

sources: NVD: CVE-2019-10935 // JVNDB: JVNDB-2019-006590 // CNVD: CNVD-2019-22244 // BID: 109127 // IVD: 69364700-0a59-4c18-a969-e06b68873d4f // VULHUB: VHN-142531 // VULMON: CVE-2019-10935

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 69364700-0a59-4c18-a969-e06b68873d4f // CNVD: CNVD-2019-22244

AFFECTED PRODUCTS

vendor:siemensmodel:simatic winccscope:eqversion:7.5

Trust: 1.3

vendor:siemensmodel:simatic winccscope:eqversion:7.4

Trust: 1.3

vendor:siemensmodel:simatic winccscope:eqversion:7.3

Trust: 1.3

vendor:siemensmodel:simatic winccscope:lteversion:7.2

Trust: 1.0

vendor:siemensmodel:simatic wincc runtimescope:eqversion:13

Trust: 1.0

vendor:siemensmodel:simatic wincc runtimescope:eqversion:14

Trust: 1.0

vendor:siemensmodel:simatic winccscope:eqversion:13

Trust: 1.0

vendor:siemensmodel:simatic wincc runtimescope:eqversion:15

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.1

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:9.0

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.2

Trust: 1.0

vendor:siemensmodel:simatic winccscope:eqversion:14

Trust: 1.0

vendor:siemensmodel:simatic wincc runtimescope:eqversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.0

Trust: 1.0

vendor:siemensmodel:simatic winccscope:eqversion:15

Trust: 1.0

vendor:siemensmodel:simatic pcsscope:eqversion:7v8.0

Trust: 0.8

vendor:siemensmodel:simatic pcsscope:eqversion:7v8.1

Trust: 0.8

vendor:siemensmodel:simatic pcsscope:eqversion:7v9.0

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:v7.3

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v13

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v14

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime professionalscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic pcsscope:eqversion:7<=v8.0

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v15

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:v7.4

Trust: 0.6

vendor:siemensmodel:simatic winccscope:lteversion:<=v7.2

Trust: 0.6

vendor:siemensmodel:simatic wincc professional (tia portalscope:eqversion:v13)

Trust: 0.6

vendor:siemensmodel:simatic wincc professional (tia portalscope:eqversion:v14)

Trust: 0.6

vendor:siemensmodel:simatic wincc professional (tia portalscope:eqversion:v15)

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:v7.5

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professional updatescope:eqversion:v15.11

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:15.1

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professional updatescope:eqversion:154

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:15

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professional sp1scope:eqversion:14

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:14

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professional sp2scope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professional sp1 upd2scope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professional sp updatescope:eqversion:1319

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic wincc professionalscope:eqversion:15

Trust: 0.3

vendor:siemensmodel:simatic wincc professional sp1scope:eqversion:14

Trust: 0.3

vendor:siemensmodel:simatic wincc professionalscope:eqversion:14

Trust: 0.3

vendor:siemensmodel:simatic wincc professional sp2scope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic wincc professionalscope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.41

Trust: 0.3

vendor:siemensmodel:simatic wincc sp1scope:eqversion:7.4

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.32

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.313

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.311

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.310

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.31

Trust: 0.3

vendor:siemensmodel:simatic wincc upd4scope:eqversion:7.3

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.29

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.2

Trust: 0.3

vendor:siemensmodel:simatic wincc sp3 updscope:eqversion:7.08

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.0

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:6.2

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:79.0

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.2

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.1

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.0

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:neversion:7.53

Trust: 0.3

vendor:siemensmodel:simatic wincc sp-1 upd-11scope:neversion:7.4

Trust: 0.3

vendor:siemensmodel:simatic pcs sp-2scope:neversion:79.0

Trust: 0.3

vendor:siemensmodel:simatic pcs sp-1scope:neversion:78.2

Trust: 0.3

vendor:siemensmodel:simatic pcs siemens simatic winccscope:eqversion:7<=v8.0<=v7.2

Trust: 0.2

vendor:siemensmodel:simatic wincc siemens simatic wincc professional (tia portal siemens simatic wincc professional (tia portal siemens simatic wscope:eqversion:v7.4v15)v14)

Trust: 0.2

vendor:siemensmodel:simatic wincc runtime professional siemens simatic winccscope:eqversion:v15v7.5

Trust: 0.2

sources: IVD: 69364700-0a59-4c18-a969-e06b68873d4f // CNVD: CNVD-2019-22244 // BID: 109127 // JVNDB: JVNDB-2019-006590 // NVD: CVE-2019-10935

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10935
value: HIGH

Trust: 1.0

NVD: CVE-2019-10935
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-22244
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-609
value: HIGH

Trust: 0.6

IVD: 69364700-0a59-4c18-a969-e06b68873d4f
value: HIGH

Trust: 0.2

VULHUB: VHN-142531
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-10935
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10935
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-22244
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 69364700-0a59-4c18-a969-e06b68873d4f
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142531
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10935
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 69364700-0a59-4c18-a969-e06b68873d4f // CNVD: CNVD-2019-22244 // VULHUB: VHN-142531 // VULMON: CVE-2019-10935 // JVNDB: JVNDB-2019-006590 // CNNVD: CNNVD-201907-609 // NVD: CVE-2019-10935

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.9

sources: VULHUB: VHN-142531 // JVNDB: JVNDB-2019-006590 // NVD: CVE-2019-10935

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-609

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-609

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006590

PATCH

title:SSA-121293url:https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf

Trust: 0.8

title:Patch for Multiple Siemens product code upload vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/168509

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=9f83ea9c05726639cd4642c3972ec527

Trust: 0.1

sources: CNVD: CNVD-2019-22244 // VULMON: CVE-2019-10935 // JVNDB: JVNDB-2019-006590

EXTERNAL IDS

db:NVDid:CVE-2019-10935

Trust: 2.9

db:SIEMENSid:SSA-121293

Trust: 2.4

db:ICS CERTid:ICSA-19-192-02

Trust: 1.7

db:BIDid:109127

Trust: 1.1

db:CNVDid:CNVD-2019-22244

Trust: 0.8

db:JVNDBid:JVNDB-2019-006590

Trust: 0.8

db:CNNVDid:CNNVD-201907-609

Trust: 0.7

db:AUSCERTid:ESB-2019.2574

Trust: 0.6

db:IVDid:69364700-0A59-4C18-A969-E06B68873D4F

Trust: 0.2

db:VULHUBid:VHN-142531

Trust: 0.1

db:VULMONid:CVE-2019-10935

Trust: 0.1

sources: IVD: 69364700-0a59-4c18-a969-e06b68873d4f // CNVD: CNVD-2019-22244 // VULHUB: VHN-142531 // VULMON: CVE-2019-10935 // BID: 109127 // JVNDB: JVNDB-2019-006590 // CNNVD: CNNVD-201907-609 // NVD: CVE-2019-10935

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf

Trust: 2.4

url:https://www.us-cert.gov/ics/advisories/icsa-19-192-02

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-10935

Trust: 1.4

url:https://www.securityfocus.com/bid/109127

Trust: 1.3

url:http://subscriber.communications.siemens.com/

Trust: 0.9

url:https://new.siemens.com/global/en/products/services/cert.html#securitypublications

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10935

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2574/

Trust: 0.6

url:https://vigilance.fr/vulnerability/siemens-simatic-pcs7-wincc-file-upload-via-datamonitor-29733

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/434.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/163660

Trust: 0.1

sources: CNVD: CNVD-2019-22244 // VULHUB: VHN-142531 // VULMON: CVE-2019-10935 // BID: 109127 // JVNDB: JVNDB-2019-006590 // CNNVD: CNNVD-201907-609 // NVD: CVE-2019-10935

CREDITS

Xuchen Zhu from ZheJiang Guoli Security Technology CNCERT/CC

Trust: 0.6

sources: CNNVD: CNNVD-201907-609

SOURCES

db:IVDid:69364700-0a59-4c18-a969-e06b68873d4f
db:CNVDid:CNVD-2019-22244
db:VULHUBid:VHN-142531
db:VULMONid:CVE-2019-10935
db:BIDid:109127
db:JVNDBid:JVNDB-2019-006590
db:CNNVDid:CNNVD-201907-609
db:NVDid:CVE-2019-10935

LAST UPDATE DATE

2024-08-14T14:51:06.779000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-22244date:2019-10-15T00:00:00
db:VULHUBid:VHN-142531date:2019-10-10T00:00:00
db:VULMONid:CVE-2019-10935date:2019-10-10T00:00:00
db:BIDid:109127date:2019-07-09T00:00:00
db:JVNDBid:JVNDB-2019-006590date:2019-07-24T00:00:00
db:CNNVDid:CNNVD-201907-609date:2019-10-14T00:00:00
db:NVDid:CVE-2019-10935date:2019-10-10T14:15:14.580

SOURCES RELEASE DATE

db:IVDid:69364700-0a59-4c18-a969-e06b68873d4fdate:2019-07-12T00:00:00
db:CNVDid:CNVD-2019-22244date:2019-07-12T00:00:00
db:VULHUBid:VHN-142531date:2019-07-11T00:00:00
db:VULMONid:CVE-2019-10935date:2019-07-11T00:00:00
db:BIDid:109127date:2019-07-09T00:00:00
db:JVNDBid:JVNDB-2019-006590date:2019-07-24T00:00:00
db:CNNVDid:CNNVD-201907-609date:2019-07-10T00:00:00
db:NVDid:CVE-2019-10935date:2019-07-11T22:15:11.797