Details of VAR-201907-1639

ID

VAR-201907-1639

CVE

CVE-2019-10931

TITLE

SIPROTEC 5 Device and DIGSI 5 engineering software Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006589

DESCRIPTION

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition. SIPROTEC 5 Device and DIGSI 5 engineering software Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens SIPROTEC 5 and Siemens DIGISI 5 are products of Siemens AG, Germany. The SiemensSIPROTEC5 is a multi-function relay. The SiemensDIGISI5 is a user interface for Siemens SIPROTEC devices. A denial of service vulnerability exists in SiemensSIPROTEC5 and SiemensDIGISI5

Trust: 2.34

sources: NVD: CVE-2019-10931 // JVNDB: JVNDB-2019-006589 // CNVD: CNVD-2019-22240 // IVD: 4de0b993-d42c-4246-9afa-1db853a07e02

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 4de0b993-d42c-4246-9afa-1db853a07e02 // CNVD: CNVD-2019-22240

AFFECTED PRODUCTS

vendor:	siemens	model:	siprotec 5 digsi device driver	scope:	lt	version:	7.90	Trust: 1.0
vendor:	siemens	model:	siprotec 5 digsi device driver	scope:	lt	version:	8.01	Trust: 1.0
vendor:	siemens	model:	digsi 5 engineering software	scope:	lt	version:	7.90	Trust: 1.0
vendor:	siemens	model:	digsi 5 engineering software	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	siprotec 5 digsi device driver	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	digsi	scope:	eq	version:	5<v7.90	Trust: 0.6
vendor:	siemens	model:	siprotec	scope:	eq	version:	5	Trust: 0.6
vendor:	digsi 5 engineering	model:	-	scope:	eq	version:	7.90	Trust: 0.2
vendor:	siprotec 5 digsi device driver	model:	-	scope:	eq	version:	7.90	Trust: 0.2

sources: IVD: 4de0b993-d42c-4246-9afa-1db853a07e02 // CNVD: CNVD-2019-22240 // JVNDB: JVNDB-2019-006589 // NVD: CVE-2019-10931

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10931
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10931
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-22240
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201907-538
value:	HIGH
Trust: 0.6
IVD:	4de0b993-d42c-4246-9afa-1db853a07e02
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2019-10931
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-22240
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	4de0b993-d42c-4246-9afa-1db853a07e02
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-10931
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10931
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 4de0b993-d42c-4246-9afa-1db853a07e02 // CNVD: CNVD-2019-22240 // JVNDB: JVNDB-2019-006589 // CNNVD: CNNVD-201907-538 // NVD: CVE-2019-10931

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-248	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2019-006589 // NVD: CVE-2019-10931

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-538

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201907-538

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006589

PATCH

title:	SSA-899560	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf	Trust: 0.8
title:	Patch for SiemensSIPROTEC5 and SiemensDIGISI5 Denial of Service Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/168535	Trust: 0.6

sources: CNVD: CNVD-2019-22240 // JVNDB: JVNDB-2019-006589

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10931	Trust: 3.2
db:	SIEMENS	id:	SSA-899560	Trust: 2.2
db:	ICS CERT	id:	ICSA-19-190-05	Trust: 1.4
db:	CNVD	id:	CNVD-2019-22240	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-538	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-006589	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.2525	Trust: 0.6
db:	IVD	id:	4DE0B993-D42C-4246-9AFA-1DB853A07E02	Trust: 0.2

sources: IVD: 4de0b993-d42c-4246-9afa-1db853a07e02 // CNVD: CNVD-2019-22240 // JVNDB: JVNDB-2019-006589 // CNNVD: CNNVD-201907-538 // NVD: CVE-2019-10931

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf	Trust: 2.2
url:	https://www.us-cert.gov/ics/advisories/icsa-19-190-05	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10931	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10931	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.2525/	Trust: 0.6

sources: CNVD: CNVD-2019-22240 // JVNDB: JVNDB-2019-006589 // CNNVD: CNNVD-201907-538 // NVD: CVE-2019-10931

CREDITS

Pierre Capillon and Jean-Baptiste Galet from ANSSI, Nicolas Iooss

Trust: 0.6

sources: CNNVD: CNNVD-201907-538

SOURCES

db:	IVD	id:	4de0b993-d42c-4246-9afa-1db853a07e02
db:	CNVD	id:	CNVD-2019-22240
db:	JVNDB	id:	JVNDB-2019-006589
db:	CNNVD	id:	CNNVD-201907-538
db:	NVD	id:	CVE-2019-10931

LAST UPDATE DATE

2024-11-23T22:06:07.106000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-22240	date:	2019-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-006589	date:	2019-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201907-538	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2019-10931	date:	2024-11-21T04:20:10.760

SOURCES RELEASE DATE

db:	IVD	id:	4de0b993-d42c-4246-9afa-1db853a07e02	date:	2019-07-12T00:00:00
db:	CNVD	id:	CNVD-2019-22240	date:	2019-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-006589	date:	2019-07-24T00:00:00
db:	CNNVD	id:	CNNVD-201907-538	date:	2019-07-10T00:00:00
db:	NVD	id:	CVE-2019-10931	date:	2019-07-11T22:15:11.640