ID

VAR-201907-1466


CVE

CVE-2019-10915


TITLE

Siemens TIA Administrator Authentication vulnerability

Trust: 0.8

sources: IVD: c0202593-9236-4865-9b2d-ebb56c677ca4 // CNVD: CNVD-2019-22235

DESCRIPTION

A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. TIA Administrator Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SimaticWinCC (TIAPortal) is an engineering software for configuring and programming Simatic panels, Simatic industrial PCs and standard PCWinccruntime professional visualization software running WinCC RuntimeAdvanced or SCADA systems. An authentication vulnerability exists in SiemensTIAAdministrator. An attacker can exploit this issue to bypass the authentication mechanism or execute arbitrary commands. This may aid in further attacks

Trust: 2.61

sources: NVD: CVE-2019-10915 // JVNDB: JVNDB-2019-007049 // CNVD: CNVD-2019-22235 // BID: 109124 // IVD: c0202593-9236-4865-9b2d-ebb56c677ca4

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: c0202593-9236-4865-9b2d-ebb56c677ca4 // CNVD: CNVD-2019-22235

AFFECTED PRODUCTS

vendor:siemensmodel:sinetplanscope:eqversion:2.0

Trust: 1.0

vendor:siemensmodel:tia administratorscope:eqversion:1.0

Trust: 1.0

vendor:siemensmodel:tia administratorscope:ltversion:1.0 sp1 upd1

Trust: 0.8

vendor:siemensmodel:tia administrato sp1 upd1scope:ltversion:v1.0

Trust: 0.6

vendor:siemensmodel:tia administratorscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:tia administrator sp1 upd1scope:neversion:1.0

Trust: 0.3

vendor:tia administratormodel: - scope:eqversion:1.0

Trust: 0.2

sources: IVD: c0202593-9236-4865-9b2d-ebb56c677ca4 // CNVD: CNVD-2019-22235 // BID: 109124 // JVNDB: JVNDB-2019-007049 // NVD: CVE-2019-10915

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10915
value: HIGH

Trust: 1.0

NVD: CVE-2019-10915
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-22235
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-692
value: HIGH

Trust: 0.6

IVD: c0202593-9236-4865-9b2d-ebb56c677ca4
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-10915
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-22235
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: c0202593-9236-4865-9b2d-ebb56c677ca4
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-10915
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10915
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: c0202593-9236-4865-9b2d-ebb56c677ca4 // CNVD: CNVD-2019-22235 // JVNDB: JVNDB-2019-007049 // CNNVD: CNNVD-201907-692 // NVD: CVE-2019-10915

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2019-007049 // NVD: CVE-2019-10915

THREAT TYPE

local

Trust: 0.9

sources: BID: 109124 // CNNVD: CNNVD-201907-692

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201907-692

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007049

PATCH

title:SSA-721298url:https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf

Trust: 0.8

title:SSA-834884url:https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf

Trust: 0.8

title:Patch for SiemensTIAAdministrator authentication vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/168525

Trust: 0.6

title:Siemens TIA Administrator Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95226

Trust: 0.6

sources: CNVD: CNVD-2019-22235 // JVNDB: JVNDB-2019-007049 // CNNVD: CNNVD-201907-692

EXTERNAL IDS

db:NVDid:CVE-2019-10915

Trust: 3.5

db:SIEMENSid:SSA-721298

Trust: 2.5

db:ICS CERTid:ICSA-19-253-02

Trust: 2.4

db:BIDid:109124

Trust: 1.9

db:ICS CERTid:ICSA-19-192-03

Trust: 1.7

db:SIEMENSid:SSA-834884

Trust: 1.6

db:CNVDid:CNVD-2019-22235

Trust: 0.8

db:CNNVDid:CNNVD-201907-692

Trust: 0.8

db:JVNDBid:JVNDB-2019-007049

Trust: 0.8

db:AUSCERTid:ESB-2019.3444

Trust: 0.6

db:AUSCERTid:ESB-2019.2587

Trust: 0.6

db:IVDid:C0202593-9236-4865-9B2D-EBB56C677CA4

Trust: 0.2

sources: IVD: c0202593-9236-4865-9b2d-ebb56c677ca4 // CNVD: CNVD-2019-22235 // BID: 109124 // JVNDB: JVNDB-2019-007049 // CNNVD: CNNVD-201907-692 // NVD: CVE-2019-10915

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf

Trust: 2.5

url:https://www.us-cert.gov/ics/advisories/icsa-19-253-02

Trust: 2.4

url:http://www.securityfocus.com/bid/109124

Trust: 2.2

url:https://www.us-cert.gov/ics/advisories/icsa-19-192-03

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-10915

Trust: 1.4

url:https://medium.com/tenable-techblog/nuclear-meltdown-with-critical-ics-vulnerabilities-8af3a1a13e6a

Trust: 0.9

url:http://www.siemens.com/

Trust: 0.9

url:https://github.com/tenable/poc/tree/master/siemens/tiaportal

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10915

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3444/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2587/

Trust: 0.6

sources: CNVD: CNVD-2019-22235 // BID: 109124 // JVNDB: JVNDB-2019-007049 // CNNVD: CNNVD-201907-692 // NVD: CVE-2019-10915

CREDITS

Joseph Bingham from Tenable.

Trust: 0.9

sources: BID: 109124 // CNNVD: CNNVD-201907-692

SOURCES

db:IVDid:c0202593-9236-4865-9b2d-ebb56c677ca4
db:CNVDid:CNVD-2019-22235
db:BIDid:109124
db:JVNDBid:JVNDB-2019-007049
db:CNNVDid:CNNVD-201907-692
db:NVDid:CVE-2019-10915

LAST UPDATE DATE

2024-08-14T13:44:53.169000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-22235date:2019-07-12T00:00:00
db:BIDid:109124date:2019-07-09T00:00:00
db:JVNDBid:JVNDB-2019-007049date:2019-10-04T00:00:00
db:CNNVDid:CNNVD-201907-692date:2020-10-28T00:00:00
db:NVDid:CVE-2019-10915date:2020-10-02T14:29:36.723

SOURCES RELEASE DATE

db:IVDid:c0202593-9236-4865-9b2d-ebb56c677ca4date:2019-07-12T00:00:00
db:CNVDid:CNVD-2019-22235date:2019-07-12T00:00:00
db:BIDid:109124date:2019-07-09T00:00:00
db:JVNDBid:JVNDB-2019-007049date:2019-07-31T00:00:00
db:CNNVDid:CNNVD-201907-692date:2019-07-11T00:00:00
db:NVDid:CVE-2019-10915date:2019-07-11T22:15:11.047