Details of VAR-201908-1837

ID

VAR-201908-1837

CVE

CVE-2019-10942

TITLE

plural SCALANCE Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008097

DESCRIPTION

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. SCALANCE X-200 , X-200IRT , X-200RNA Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SCALANCE X is a series of industrial Ethernet switches launched by Siemens. The Siemens SCALANCE X series has an uncontrolled resource consumption vulnerability. Siemens SCALANCE X-200IRT is a tool produced by Siemensindustrial . The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 2.25

sources: NVD: CVE-2019-10942 // JVNDB: JVNDB-2019-008097 // CNVD: CNVD-2020-10474 // VULHUB: VHN-142539

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-10474

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance x-200rna	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	scalance x-200irt	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x-200rna	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x-200	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	scalance x-200	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x-200irt	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance x-200irt switch family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	scalance switch family	scope:	eq	version:	x-200	Trust: 0.6

sources: CNVD: CNVD-2020-10474 // JVNDB: JVNDB-2019-008097 // NVD: CVE-2019-10942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10942
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10942
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-10474
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201908-896
value:	HIGH
Trust: 0.6
VULHUB:	VHN-142539
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-10942
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-10474
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-142539
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10942
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10942
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-10474 // VULHUB: VHN-142539 // JVNDB: JVNDB-2019-008097 // CNNVD: CNNVD-201908-896 // NVD: CVE-2019-10942

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-142539 // JVNDB: JVNDB-2019-008097 // NVD: CVE-2019-10942

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-896

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-896

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008097

PATCH

title:	SSA-100232	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf	Trust: 0.8
title:	Patch for Siemens SCALANCE X Series Uncontrolled Resource Consumption Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/201853	Trust: 0.6

sources: CNVD: CNVD-2020-10474 // JVNDB: JVNDB-2019-008097

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10942	Trust: 3.1
db:	ICS CERT	id:	ICSA-19-225-03	Trust: 2.0
db:	SIEMENS	id:	SSA-100232	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-008097	Trust: 0.8
db:	CNVD	id:	CNVD-2020-10474	Trust: 0.7
db:	CNNVD	id:	CNNVD-201908-896	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3106	Trust: 0.6
db:	VULHUB	id:	VHN-142539	Trust: 0.1

sources: CNVD: CNVD-2020-10474 // VULHUB: VHN-142539 // JVNDB: JVNDB-2019-008097 // CNNVD: CNNVD-201908-896 // NVD: CVE-2019-10942

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-225-03	Trust: 2.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10942	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10942	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-19-225-03	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3106/	Trust: 0.6

sources: CNVD: CNVD-2020-10474 // VULHUB: VHN-142539 // JVNDB: JVNDB-2019-008097 // CNNVD: CNNVD-201908-896 // NVD: CVE-2019-10942

CREDITS

Younes Dragoni and Alessandro Di Pinto from Nozomi Networks and Artem Zinenko from Kaspersky reported these vulnerability details to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-201908-896

SOURCES

db:	CNVD	id:	CNVD-2020-10474
db:	VULHUB	id:	VHN-142539
db:	JVNDB	id:	JVNDB-2019-008097
db:	CNNVD	id:	CNNVD-201908-896
db:	NVD	id:	CVE-2019-10942

LAST UPDATE DATE

2024-08-14T14:38:46.402000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-10474	date:	2020-02-19T00:00:00
db:	VULHUB	id:	VHN-142539	date:	2020-10-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-008097	date:	2019-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-896	date:	2022-02-11T00:00:00
db:	NVD	id:	CVE-2019-10942	date:	2022-02-09T16:15:10.667

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-10474	date:	2020-02-18T00:00:00
db:	VULHUB	id:	VHN-142539	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-008097	date:	2019-08-26T00:00:00
db:	CNNVD	id:	CNNVD-201908-896	date:	2019-08-13T00:00:00
db:	NVD	id:	CVE-2019-10942	date:	2019-08-13T19:15:15.453