ID

VAR-201908-1967


CVE

CVE-2019-10927


TITLE

Input validation vulnerability in multiple SCALANCE products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008094

DESCRIPTION

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device. Multiple SCALANCE products contain an input validation vulnerability that may result in interruption of service operation (DoS). The SCALANCE SC firewall is used to protect trusted industrial networks from untrusted networks. It allows filtering of input and output network connections in different ways. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). A denial of service vulnerability exists in several Siemens products. Siemens SCALANCE SC-600 and the other listed devices are all products of Siemens in Germany. Siemens SCALANCE SC-600 is an industrial security device. SCALANCE XB-200 is a managed industrial Ethernet switch. SCALANCE XR-300WG is a rack-mounted managed switch. The vulnerability stems from the failure of the network system or product to properly validate the input data. 1 version, SCALANCE XR-300WG V4.1 version

Trust: 2.97

sources: NVD: CVE-2019-10927 // JVNDB: JVNDB-2019-008094 // CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706 // IVD: 500b373e-f73d-435e-97a3-e56d272baed8 // VULHUB: VHN-142522

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: IVD: 500b373e-f73d-435e-97a3-e56d272baed8 // CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706

AFFECTED PRODUCTS

vendor: siemens, model: scalance xb-200, scope: eq, version: 4.1

Trust: 1.8

vendor: siemens, model: scalance xc-200, scope: eq, version: 4.1

Trust: 1.8

vendor: siemens, model: scalance xf-200ba, scope: eq, version: 4.1

Trust: 1.8

vendor: siemens, model: scalance xp-200, scope: eq, version: 4.1

Trust: 1.8

vendor: siemens, model: scalance xr-300wg, scope: eq, version: 4.1

Trust: 1.8

vendor: siemens, model: scalance xb-200, scope: eq, version: v4.1

Trust: 0.6

vendor: siemens, model: scalance xc-200, scope: eq, version: v4.1

Trust: 0.6

vendor: siemens, model: scalance xf-200ba, scope: eq, version: v4.1

Trust: 0.6

vendor: siemens, model: scalance xp-200, scope: eq, version: v4.1

Trust: 0.6

vendor: siemens, model: scalance xr-300wg, scope: eq, version: v4.1

Trust: 0.6

vendor: siemens, model: scalance sc-600, scope: eq, version: v2.0

Trust: 0.6

vendor: scalance xb 200, model: -, scope: eq, version: 4.1

Trust: 0.2

vendor: scalance xc 200, model: -, scope: eq, version: 4.1

Trust: 0.2

vendor: scalance xf 200ba, model: -, scope: eq, version: 4.1

Trust: 0.2

vendor: scalance xp 200, model: -, scope: eq, version: 4.1

Trust: 0.2

vendor: scalance xr 300wg, model: -, scope: eq, version: 4.1

Trust: 0.2

sources: IVD: 500b373e-f73d-435e-97a3-e56d272baed8 // CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706 // JVNDB: JVNDB-2019-008094 // NVD: CVE-2019-10927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10927
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-10927
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-27702
value: HIGH

Trust: 0.6

CNVD: CNVD-2019-27706
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-891
value: MEDIUM

Trust: 0.6

IVD: 500b373e-f73d-435e-97a3-e56d272baed8
value: MEDIUM

Trust: 0.2

VULHUB: VHN-142522
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10927
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-27702
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2019-27706
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 500b373e-f73d-435e-97a3-e56d272baed8
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142522
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10927
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-10927
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 500b373e-f73d-435e-97a3-e56d272baed8 // CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706 // VULHUB: VHN-142522 // JVNDB: JVNDB-2019-008094 // CNNVD: CNNVD-201908-891 // NVD: CVE-2019-10927

PROBLEMTYPE DATA

problemtype:CWE-703

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-142522 // JVNDB: JVNDB-2019-008094 // NVD: CVE-2019-10927

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-891

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-891

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008094

PATCH

title: SSA-671286, url: https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf

Trust: 0.8

title: Patches for several Siemens Product Denial of Service Vulnerabilities (CNVD-2019-27702), url: https://www.cnvd.org.cn/patchInfo/show/175783

Trust: 0.6

title: Patch for Siemens SCALANCE SC-600 Command Execution Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/175789

Trust: 0.6

sources: CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706 // JVNDB: JVNDB-2019-008094

EXTERNAL IDS

db: NVD, id: CVE-2019-10927

Trust: 3.3

db: SIEMENS, id: SSA-671286

Trust: 2.9

db: ICS CERT, id: ICSA-19-227-03

Trust: 1.4

db: CNNVD, id: CNNVD-201908-891

Trust: 0.9

db: CNVD, id: CNVD-2019-27702

Trust: 0.8

db: JVNDB, id: JVNDB-2019-008094

Trust: 0.8

db: CNVD, id: CNVD-2019-27706

Trust: 0.6

db: AUSCERT, id: ESB-2019.3149

Trust: 0.6

db: IVD, id: 500B373E-F73D-435E-97A3-E56D272BAED8

Trust: 0.2

db: VULHUB, id: VHN-142522

Trust: 0.1

sources: IVD: 500b373e-f73d-435e-97a3-e56d272baed8 // CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706 // VULHUB: VHN-142522 // JVNDB: JVNDB-2019-008094 // CNNVD: CNNVD-201908-891 // NVD: CVE-2019-10927

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf

Trust: 2.9

url:https://www.us-cert.gov/ics/advisories/icsa-19-227-03

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-10927

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10927

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-19-227-03

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3149/

Trust: 0.6

sources: CNVD: CNVD-2019-27702 // CNVD: CNVD-2019-27706 // VULHUB: VHN-142522 // JVNDB: JVNDB-2019-008094 // CNNVD: CNNVD-201908-891 // NVD: CVE-2019-10927

SOURCES

db: IVD, id: 500b373e-f73d-435e-97a3-e56d272baed8
db: CNVD, id: CNVD-2019-27702
db: CNVD, id: CNVD-2019-27706
db: VULHUB, id: VHN-142522
db: JVNDB, id: JVNDB-2019-008094
db: CNNVD, id: CNNVD-201908-891
db: NVD, id: CVE-2019-10927

LAST UPDATE DATE

2024-08-14T14:04:17.139000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-27702, date: 2019-08-15T00:00:00
db: CNVD, id: CNVD-2019-27706, date: 2019-08-15T00:00:00
db: VULHUB, id: VHN-142522, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-008094, date: 2019-10-04T00:00:00
db: CNNVD, id: CNNVD-201908-891, date: 2022-03-11T00:00:00
db: NVD, id: CVE-2019-10927, date: 2021-10-28T13:32:45.090

SOURCES RELEASE DATE

db: IVD, id: 500b373e-f73d-435e-97a3-e56d272baed8, date: 2019-08-15T00:00:00
db: CNVD, id: CNVD-2019-27702, date: 2019-08-15T00:00:00
db: CNVD, id: CNVD-2019-27706, date: 2019-08-15T00:00:00
db: VULHUB, id: VHN-142522, date: 2019-08-13T00:00:00
db: JVNDB, id: JVNDB-2019-008094, date: 2019-08-26T00:00:00
db: CNNVD, id: CNNVD-201908-891, date: 2019-08-13T00:00:00
db: NVD, id: CVE-2019-10927, date: 2019-08-13T19:15:14.687