Details of VAR-201912-1173

ID

VAR-201912-1173

CVE

CVE-2019-13942

TITLE

Siemens EN100 Ethernet Module Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: d3c7b9a9-9ed6-4d72-8586-5c440a2d2971 // CNVD: CNVD-2019-46393

DESCRIPTION

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known. plural EN100 Ethernet The module contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 2.34

sources: NVD: CVE-2019-13942 // JVNDB: JVNDB-2019-013230 // CNVD: CNVD-2019-46393 // IVD: d3c7b9a9-9ed6-4d72-8586-5c440a2d2971

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: d3c7b9a9-9ed6-4d72-8586-5c440a2d2971 // CNVD: CNVD-2019-46393

AFFECTED PRODUCTS

vendor:	siemens	model:	en100 ethernet module with variant iec 61850	scope:	lt	version:	4.37	Trust: 1.0
vendor:	siemens	model:	en100 ethernet module with variant dnp3 tcp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	en100 ethernet module with variant iec104	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	en100 ethernet module with variant modbus tcp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	en100 ethernet module with variant profinet io	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	en100 ethernet module dnp3	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module iec 104	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module iec 61850	scope:	lt	version:	4.37	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module modbus tcp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module profinet io	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module profinet io variant	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	en100 ethernet module modbus tcp variant	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	en100 ethernet module dnp3 variant	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	en100 ethernet module iec variant	scope:	eq	version:	61850<v4.37	Trust: 0.6
vendor:	siemens	model:	en100 ethernet module iec104 variant	scope:	-	version:	-	Trust: 0.6
vendor:	en100 ethernet module with variant dnp3 tcp	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	en100 ethernet module with variant iec104	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	en100 ethernet module with variant iec 61850	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	en100 ethernet module with variant modbus tcp	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	en100 ethernet module with variant profinet io	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: d3c7b9a9-9ed6-4d72-8586-5c440a2d2971 // CNVD: CNVD-2019-46393 // JVNDB: JVNDB-2019-013230 // NVD: CVE-2019-13942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13942
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-13942
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-46393
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-411
value:	HIGH
Trust: 0.6
IVD:	d3c7b9a9-9ed6-4d72-8586-5c440a2d2971
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2019-13942
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-46393
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	d3c7b9a9-9ed6-4d72-8586-5c440a2d2971
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-13942
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-13942
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: d3c7b9a9-9ed6-4d72-8586-5c440a2d2971 // CNVD: CNVD-2019-46393 // JVNDB: JVNDB-2019-013230 // CNNVD: CNNVD-201912-411 // NVD: CVE-2019-13942

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2019-013230 // NVD: CVE-2019-13942

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-411

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-411

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013230

PATCH

title:	SSA-418979	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf	Trust: 0.8
title:	Patch for Siemens EN100 Ethernet Module Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/194747	Trust: 0.6

sources: CNVD: CNVD-2019-46393 // JVNDB: JVNDB-2019-013230

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13942	Trust: 3.2
db:	ICS CERT	id:	ICSA-19-344-07	Trust: 2.4
db:	SIEMENS	id:	SSA-418979	Trust: 1.6
db:	CNVD	id:	CNVD-2019-46393	Trust: 0.8
db:	CNNVD	id:	CNNVD-201912-411	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013230	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.4620.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4620	Trust: 0.6
db:	IVD	id:	D3C7B9A9-9ED6-4D72-8586-5C440A2D2971	Trust: 0.2

sources: IVD: d3c7b9a9-9ed6-4d72-8586-5c440a2d2971 // CNVD: CNVD-2019-46393 // JVNDB: JVNDB-2019-013230 // CNNVD: CNNVD-201912-411 // NVD: CVE-2019-13942

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-344-07	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13942	Trust: 2.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13942	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.4620/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4620.2/	Trust: 0.6

sources: CNVD: CNVD-2019-46393 // JVNDB: JVNDB-2019-013230 // CNNVD: CNNVD-201912-411 // NVD: CVE-2019-13942

SOURCES

db:	IVD	id:	d3c7b9a9-9ed6-4d72-8586-5c440a2d2971
db:	CNVD	id:	CNVD-2019-46393
db:	JVNDB	id:	JVNDB-2019-013230
db:	CNNVD	id:	CNNVD-201912-411
db:	NVD	id:	CVE-2019-13942

LAST UPDATE DATE

2024-11-23T21:51:48.358000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-46393	date:	2019-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-013230	date:	2019-12-23T00:00:00
db:	CNNVD	id:	CNNVD-201912-411	date:	2020-06-09T00:00:00
db:	NVD	id:	CVE-2019-13942	date:	2024-11-21T04:25:44.567

SOURCES RELEASE DATE

db:	IVD	id:	d3c7b9a9-9ed6-4d72-8586-5c440a2d2971	date:	2019-12-20T00:00:00
db:	CNVD	id:	CNVD-2019-46393	date:	2019-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-013230	date:	2019-12-23T00:00:00
db:	CNNVD	id:	CNNVD-201912-411	date:	2019-12-10T00:00:00
db:	NVD	id:	CVE-2019-13942	date:	2019-12-12T19:15:14.997