ID

VAR-201908-1837


CVE

CVE-2019-10942


TITLE

Input validation vulnerability in multiple SCALANCE products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008097

DESCRIPTION

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. SCALANCE X-200, X-200IRT, and X-200RNA contain an input validation vulnerability. The device may be put into a denial-of-service (DoS) state. SCALANCE X is a series of industrial Ethernet switches launched by Siemens. The Siemens SCALANCE X series has an uncontrolled resource consumption vulnerability. Siemens SCALANCE X-200IRT is an industrial Ethernet switch produced by Siemens. The vulnerability stems from the failure of the network system or product to properly validate the input data.

Trust: 2.25

sources: NVD: CVE-2019-10942 // JVNDB: JVNDB-2019-008097 // CNVD: CNVD-2020-10474 // VULHUB: VHN-142539

IOT TAXONOMY

category: ['ICS', 'Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-10474

AFFECTED PRODUCTS

vendor: siemens model: scalance x-200rna scope: - version: -

Trust: 1.4

vendor: siemens model: scalance x-200irt scope: eq version: *

Trust: 1.0

vendor: siemens model: scalance x-200rna scope: eq version: *

Trust: 1.0

vendor: siemens model: scalance x-200 scope: eq version: *

Trust: 1.0

vendor: siemens model: scalance x-200 scope: - version: -

Trust: 0.8

vendor: siemens model: scalance x-200irt scope: - version: -

Trust: 0.8

vendor: siemens model: scalance x-200irt switch family scope: - version: -

Trust: 0.6

vendor: siemens model: scalance switch family scope: eq version: x-200

Trust: 0.6

sources: CNVD: CNVD-2020-10474 // JVNDB: JVNDB-2019-008097 // NVD: CVE-2019-10942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10942
value: HIGH

Trust: 1.0

NVD: CVE-2019-10942
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-10474
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-896
value: HIGH

Trust: 0.6

VULHUB: VHN-142539
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10942
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-10474
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-142539
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10942
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2019-10942
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-10474 // VULHUB: VHN-142539 // JVNDB: JVNDB-2019-008097 // CNNVD: CNNVD-201908-896 // NVD: CVE-2019-10942

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-142539 // JVNDB: JVNDB-2019-008097 // NVD: CVE-2019-10942

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-896

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-896

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008097

PATCH

title: SSA-100232 url: https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf

Trust: 0.8

title: Patch for Siemens SCALANCE X Series Uncontrolled Resource Consumption Vulnerability url: https://www.cnvd.org.cn/patchInfo/show/201853

Trust: 0.6

sources: CNVD: CNVD-2020-10474 // JVNDB: JVNDB-2019-008097

EXTERNAL IDS

db: NVD id: CVE-2019-10942

Trust: 3.1

db: ICS CERT id: ICSA-19-225-03

Trust: 2.0

db: SIEMENS id: SSA-100232

Trust: 1.7

db: JVNDB id: JVNDB-2019-008097

Trust: 0.8

db: CNVD id: CNVD-2020-10474

Trust: 0.7

db: CNNVD id: CNNVD-201908-896

Trust: 0.7

db: AUSCERT id: ESB-2019.3106

Trust: 0.6

db: VULHUB id: VHN-142539

Trust: 0.1

sources: CNVD: CNVD-2020-10474 // VULHUB: VHN-142539 // JVNDB: JVNDB-2019-008097 // CNNVD: CNNVD-201908-896 // NVD: CVE-2019-10942

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-225-03

Trust: 2.0

url:https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-10942

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10942

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-19-225-03

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3106/

Trust: 0.6

sources: CNVD: CNVD-2020-10474 // VULHUB: VHN-142539 // JVNDB: JVNDB-2019-008097 // CNNVD: CNNVD-201908-896 // NVD: CVE-2019-10942

CREDITS

Younes Dragoni and Alessandro Di Pinto from Nozomi Networks and Artem Zinenko from Kaspersky reported these vulnerability details to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-201908-896

SOURCES

db: CNVD id: CNVD-2020-10474
db: VULHUB id: VHN-142539
db: JVNDB id: JVNDB-2019-008097
db: CNNVD id: CNNVD-201908-896
db: NVD id: CVE-2019-10942

LAST UPDATE DATE

2024-08-14T14:38:46.402000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2020-10474 date: 2020-02-19T00:00:00
db: VULHUB id: VHN-142539 date: 2020-10-02T00:00:00
db: JVNDB id: JVNDB-2019-008097 date: 2019-10-04T00:00:00
db: CNNVD id: CNNVD-201908-896 date: 2022-02-11T00:00:00
db: NVD id: CVE-2019-10942 date: 2022-02-09T16:15:10.667

SOURCES RELEASE DATE

db: CNVD id: CNVD-2020-10474 date: 2020-02-18T00:00:00
db: VULHUB id: VHN-142539 date: 2019-08-13T00:00:00
db: JVNDB id: JVNDB-2019-008097 date: 2019-08-26T00:00:00
db: CNNVD id: CNNVD-201908-896 date: 2019-08-13T00:00:00
db: NVD id: CVE-2019-10942 date: 2019-08-13T19:15:15.453