ID

VAR-201909-1432


CVE

CVE-2019-10937


TITLE

Siemens SIMATIC TDC CP51M1 Input validation error vulnerability

Trust: 0.8

sources: IVD: 7a208d00-84ef-4b64-978a-6512224c25cd // CNNVD: CNNVD-201909-434

DESCRIPTION

A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC TDC CP51M1 contains an input validation vulnerability. The device may be put into a denial-of-service (DoS) state. The Siemens SIMATIC TDC CP51M1 is an industrial Ethernet communication module for the SIMATIC TDC automation system from Siemens AG, Germany. An input validation error vulnerability exists in Siemens SIMATIC TDC CP51M1 versions prior to 1.1.7.

Trust: 2.34

sources: NVD: CVE-2019-10937 // JVNDB: JVNDB-2019-009301 // CNVD: CNVD-2019-31387 // IVD: 7a208d00-84ef-4b64-978a-6512224c25cd

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 7a208d00-84ef-4b64-978a-6512224c25cd // CNVD: CNVD-2019-31387

AFFECTED PRODUCTS

vendor: siemens, model: simatic tdc cp51m1, scope: lt, version: 1.1.7

Trust: 2.4

vendor: siemens, model: simatic tdc cp51m1, scope: eq, version: -

Trust: 0.6

vendor: simatic tdc cp51m1, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 7a208d00-84ef-4b64-978a-6512224c25cd // CNVD: CNVD-2019-31387 // JVNDB: JVNDB-2019-009301 // CNNVD: CNNVD-201909-434 // NVD: CVE-2019-10937

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10937
value: HIGH

Trust: 1.0

NVD: CVE-2019-10937
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-31387
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-434
value: HIGH

Trust: 0.6

IVD: 7a208d00-84ef-4b64-978a-6512224c25cd
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-10937
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-31387
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7a208d00-84ef-4b64-978a-6512224c25cd
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-10937
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-10937
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 7a208d00-84ef-4b64-978a-6512224c25cd // CNVD: CNVD-2019-31387 // JVNDB: JVNDB-2019-009301 // CNNVD: CNNVD-201909-434 // NVD: CVE-2019-10937

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-009301 // NVD: CVE-2019-10937

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-434

TYPE

Input validation error

Trust: 0.8

sources: IVD: 7a208d00-84ef-4b64-978a-6512224c25cd // CNNVD: CNNVD-201909-434

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009301

PATCH

title: SSA-250618, url: https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf

Trust: 0.8

title: Siemens SIMATIC TDC CP51M1 input verification error vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/180401

Trust: 0.6

title: Siemens SIMATIC TDC CP51M1 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98028

Trust: 0.6

sources: CNVD: CNVD-2019-31387 // JVNDB: JVNDB-2019-009301 // CNNVD: CNNVD-201909-434

EXTERNAL IDS

db: NVD, id: CVE-2019-10937

Trust: 3.2

db: ICS CERT, id: ICSA-19-253-05

Trust: 3.0

db: SIEMENS, id: SSA-250618

Trust: 1.6

db: CNVD, id: CNVD-2019-31387

Trust: 0.8

db: CNNVD, id: CNNVD-201909-434

Trust: 0.8

db: JVNDB, id: JVNDB-2019-009301

Trust: 0.8

db: AUSCERT, id: ESB-2019.3446

Trust: 0.6

db: IVD, id: 7A208D00-84EF-4B64-978A-6512224C25CD

Trust: 0.2

sources: IVD: 7a208d00-84ef-4b64-978a-6512224c25cd // CNVD: CNVD-2019-31387 // JVNDB: JVNDB-2019-009301 // CNNVD: CNNVD-201909-434 // NVD: CVE-2019-10937

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-253-05

Trust: 3.0

url:https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-10937

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10937

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3446/

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-tdc-cp51m1-denial-of-service-via-udp-30285

Trust: 0.6

sources: CNVD: CNVD-2019-31387 // JVNDB: JVNDB-2019-009301 // CNNVD: CNNVD-201909-434 // NVD: CVE-2019-10937

SOURCES

db: IVD, id: 7a208d00-84ef-4b64-978a-6512224c25cd
db: CNVD, id: CNVD-2019-31387
db: JVNDB, id: JVNDB-2019-009301
db: CNNVD, id: CNNVD-201909-434
db: NVD, id: CVE-2019-10937

LAST UPDATE DATE

2024-08-14T15:33:48.765000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-31387, date: 2019-09-16T00:00:00
db: JVNDB, id: JVNDB-2019-009301, date: 2019-10-04T00:00:00
db: CNNVD, id: CNNVD-201909-434, date: 2019-09-30T00:00:00
db: NVD, id: CVE-2019-10937, date: 2019-09-24T20:15:11.620

SOURCES RELEASE DATE

db: IVD, id: 7a208d00-84ef-4b64-978a-6512224c25cd, date: 2019-09-16T00:00:00
db: CNVD, id: CNVD-2019-31387, date: 2019-09-16T00:00:00
db: JVNDB, id: JVNDB-2019-009301, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-434, date: 2019-09-10T00:00:00
db: NVD, id: CVE-2019-10937, date: 2019-09-13T17:15:11.427