Details of VAR-201908-1967

ID

VAR-201908-1967

CVE

CVE-2019-10927

TITLE

plural SCALANCE Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008094

DESCRIPTION

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device. plural SCALANCE The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SCALANCE SC firewall is used to protect trusted industrial networks from untrusted networks. It allows filtering of input and output network connections in different ways. SCALANCE X switches a are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). A denial of service vulnerability exists in several Siemens products. Siemens SCALANCE SC-600, etc. are all products of Siemens (Siemens) in Germany. Siemens SCALANCE SC-600 is an industrial security device. SCALANCE XB-200 is a managed industrial Ethernet switch. SCALANCE XR-300WG is a rack-mounted managed switch. The vulnerability stems from the failure of the network system or product to properly validate the input data. 1 version, SCALANCE XR-300WG V4.1 version

Trust: 2.97

sources: NVD: CVE-2019-10927 // JVNDB: JVNDB-2019-008094 // CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706 // IVD: 500b373e-f73d-435e-97a3-e56d272baed8 // VULHUB: VHN-142522

IOT TAXONOMY

category:	['ICS']	sub_category:	-	Trust: 0.8
category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6

sources: IVD: 500b373e-f73d-435e-97a3-e56d272baed8 // CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance xb-200	scope:	eq	version:	4.1	Trust: 1.8
vendor:	siemens	model:	scalance xc-200	scope:	eq	version:	4.1	Trust: 1.8
vendor:	siemens	model:	scalance xf-200ba	scope:	eq	version:	4.1	Trust: 1.8
vendor:	siemens	model:	scalance xp-200	scope:	eq	version:	4.1	Trust: 1.8
vendor:	siemens	model:	scalance xr-300wg	scope:	eq	version:	4.1	Trust: 1.8
vendor:	siemens	model:	scalance xb-200	scope:	eq	version:	v4.1	Trust: 0.6
vendor:	siemens	model:	scalance xc-200	scope:	eq	version:	v4.1	Trust: 0.6
vendor:	siemens	model:	scalance xf-200ba	scope:	eq	version:	v4.1	Trust: 0.6
vendor:	siemens	model:	scalance xp-200	scope:	eq	version:	v4.1	Trust: 0.6
vendor:	siemens	model:	scalance xr-300wg	scope:	eq	version:	v4.1	Trust: 0.6
vendor:	siemens	model:	scalance sc-600	scope:	eq	version:	v2.0	Trust: 0.6
vendor:	scalance xb 200	model:	-	scope:	eq	version:	4.1	Trust: 0.2
vendor:	scalance xc 200	model:	-	scope:	eq	version:	4.1	Trust: 0.2
vendor:	scalance xf 200ba	model:	-	scope:	eq	version:	4.1	Trust: 0.2
vendor:	scalance xp 200	model:	-	scope:	eq	version:	4.1	Trust: 0.2
vendor:	scalance xr 300wg	model:	-	scope:	eq	version:	4.1	Trust: 0.2

sources: IVD: 500b373e-f73d-435e-97a3-e56d272baed8 // CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706 // JVNDB: JVNDB-2019-008094 // NVD: CVE-2019-10927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10927
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-10927
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-27702
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2019-27706
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201908-891
value:	MEDIUM
Trust: 0.6
IVD:	500b373e-f73d-435e-97a3-e56d272baed8
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-142522
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-10927
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-27702
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2019-27706
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	500b373e-f73d-435e-97a3-e56d272baed8
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-142522
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10927
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10927
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 500b373e-f73d-435e-97a3-e56d272baed8 // CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706 // VULHUB: VHN-142522 // JVNDB: JVNDB-2019-008094 // CNNVD: CNNVD-201908-891 // NVD: CVE-2019-10927

PROBLEMTYPE DATA

problemtype:	CWE-703	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-142522 // JVNDB: JVNDB-2019-008094 // NVD: CVE-2019-10927

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-891

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-891

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008094

PATCH

title:	SSA-671286	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf	Trust: 0.8
title:	Patches for several Siemens Product Denial of Service Vulnerabilities (CNVD-2019-27702)	url:	https://www.cnvd.org.cn/patchInfo/show/175783	Trust: 0.6
title:	Patch for Siemens SCALANCE SC-600 Command Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/175789	Trust: 0.6

sources: CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706 // JVNDB: JVNDB-2019-008094

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10927	Trust: 3.3
db:	SIEMENS	id:	SSA-671286	Trust: 2.9
db:	ICS CERT	id:	ICSA-19-227-03	Trust: 1.4
db:	CNNVD	id:	CNNVD-201908-891	Trust: 0.9
db:	CNVD	id:	CNVD-2019-27702	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-008094	Trust: 0.8
db:	CNVD	id:	CNVD-2019-27706	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3149	Trust: 0.6
db:	IVD	id:	500B373E-F73D-435E-97A3-E56D272BAED8	Trust: 0.2
db:	VULHUB	id:	VHN-142522	Trust: 0.1

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf	Trust: 2.9
url:	https://www.us-cert.gov/ics/advisories/icsa-19-227-03	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10927	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10927	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-19-227-03	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3149/	Trust: 0.6

sources: CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706 // VULHUB: VHN-142522 // JVNDB: JVNDB-2019-008094 // CNNVD: CNNVD-201908-891 // NVD: CVE-2019-10927

SOURCES

db:	IVD	id:	500b373e-f73d-435e-97a3-e56d272baed8
db:	CNVD	id:	CNVD-2019-27702
db:	CNVD	id:	CNVD-2019-27706
db:	VULHUB	id:	VHN-142522
db:	JVNDB	id:	JVNDB-2019-008094
db:	CNNVD	id:	CNNVD-201908-891
db:	NVD	id:	CVE-2019-10927

LAST UPDATE DATE

2024-08-14T14:04:17.139000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-27702	date:	2019-08-15T00:00:00
db:	CNVD	id:	CNVD-2019-27706	date:	2019-08-15T00:00:00
db:	VULHUB	id:	VHN-142522	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-008094	date:	2019-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-891	date:	2022-03-11T00:00:00
db:	NVD	id:	CVE-2019-10927	date:	2021-10-28T13:32:45.090

SOURCES RELEASE DATE

db:	IVD	id:	500b373e-f73d-435e-97a3-e56d272baed8	date:	2019-08-15T00:00:00
db:	CNVD	id:	CNVD-2019-27702	date:	2019-08-15T00:00:00
db:	CNVD	id:	CNVD-2019-27706	date:	2019-08-15T00:00:00
db:	VULHUB	id:	VHN-142522	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-008094	date:	2019-08-26T00:00:00
db:	CNNVD	id:	CNNVD-201908-891	date:	2019-08-13T00:00:00
db:	NVD	id:	CVE-2019-10927	date:	2019-08-13T19:15:14.687