ID

VAR-201912-1174


CVE

CVE-2019-13943


TITLE

Siemens EN100 Ethernet Module Cross-Site Scripting Vulnerability

Trust: 1.4

sources: IVD: 2581a7b4-9194-4531-b546-615d62ec45c9 // CNVD: CNVD-2019-46392 // CNNVD: CNNVD-201912-408

DESCRIPTION

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. Multiple EN100 Ethernet modules contain a cross-site scripting vulnerability. Information may be obtained and information may be altered.

Trust: 2.34

sources: NVD: CVE-2019-13943 // JVNDB: JVNDB-2019-013231 // CNVD: CNVD-2019-46392 // IVD: 2581a7b4-9194-4531-b546-615d62ec45c9

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 2581a7b4-9194-4531-b546-615d62ec45c9 // CNVD: CNVD-2019-46392

AFFECTED PRODUCTS

vendor: siemens, model: en100 ethernet module with variant iec 61850, scope: lt, version: 4.37

Trust: 1.0

vendor: siemens, model: en100 ethernet module with variant dnp3 tcp, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: en100 ethernet module with variant iec104, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: en100 ethernet module with variant modbus tcp, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: en100 ethernet module with variant profinet io, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: en100 ethernet module dnp3, scope: -, version: -

Trust: 0.8

vendor: siemens, model: en100 ethernet module iec 104, scope: -, version: -

Trust: 0.8

vendor: siemens, model: en100 ethernet module iec 61850, scope: lt, version: 4.37

Trust: 0.8

vendor: siemens, model: en100 ethernet module modbus tcp, scope: -, version: -

Trust: 0.8

vendor: siemens, model: en100 ethernet module profinet io, scope: -, version: -

Trust: 0.8

vendor: siemens, model: en100 ethernet module profinet io variant, scope: -, version: -

Trust: 0.6

vendor: siemens, model: en100 ethernet module modbus tcp variant, scope: -, version: -

Trust: 0.6

vendor: siemens, model: en100 ethernet module dnp3 variant, scope: -, version: -

Trust: 0.6

vendor: siemens, model: en100 ethernet module iec variant, scope: eq, version: 61850<v4.37

Trust: 0.6

vendor: siemens, model: en100 ethernet module iec104 variant, scope: -, version: -

Trust: 0.6

vendor: siemens, model: en100 ethernet module with variant iec104, scope: -, version: -

Trust: 0.6

vendor: siemens, model: en100 ethernet module with variant profinet io, scope: -, version: -

Trust: 0.6

vendor: siemens, model: en100 ethernet module, scope: eq, version: -

Trust: 0.6

vendor: siemens, model: en100 ethernet module with variant modbus tcp, scope: -, version: -

Trust: 0.6

vendor: siemens, model: en100 ethernet module with variant dnp3 tcp, scope: -, version: -

Trust: 0.6

vendor: en100 ethernet module with variant dnp3 tcp, model: -, scope: eq, version: *

Trust: 0.2

vendor: en100 ethernet module with variant iec104, model: -, scope: eq, version: *

Trust: 0.2

vendor: en100 ethernet module with variant iec 61850, model: -, scope: eq, version: *

Trust: 0.2

vendor: en100 ethernet module with variant modbus tcp, model: -, scope: eq, version: *

Trust: 0.2

vendor: en100 ethernet module with variant profinet io, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 2581a7b4-9194-4531-b546-615d62ec45c9 // CNVD: CNVD-2019-46392 // JVNDB: JVNDB-2019-013231 // CNNVD: CNNVD-201912-408 // NVD: CVE-2019-13943

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13943
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13943
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-46392
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-408
value: MEDIUM

Trust: 0.6

IVD: 2581a7b4-9194-4531-b546-615d62ec45c9
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-13943
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-46392
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 2581a7b4-9194-4531-b546-615d62ec45c9
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13943
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-13943
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 2581a7b4-9194-4531-b546-615d62ec45c9 // CNVD: CNVD-2019-46392 // JVNDB: JVNDB-2019-013231 // CNNVD: CNNVD-201912-408 // NVD: CVE-2019-13943

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-013231 // NVD: CVE-2019-13943

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-408

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201912-408

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013231

PATCH

title: SSA-418979, url: https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf

Trust: 0.8

title: Patch for Siemens EN100 Ethernet Module Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/194749

Trust: 0.6

sources: CNVD: CNVD-2019-46392 // JVNDB: JVNDB-2019-013231

EXTERNAL IDS

db: NVD, id: CVE-2019-13943

Trust: 3.2

db: ICS CERT, id: ICSA-19-344-07

Trust: 2.4

db: SIEMENS, id: SSA-418979

Trust: 1.6

db: CNVD, id: CNVD-2019-46392

Trust: 0.8

db: CNNVD, id: CNNVD-201912-408

Trust: 0.8

db: JVNDB, id: JVNDB-2019-013231

Trust: 0.8

db: AUSCERT, id: ESB-2019.4620

Trust: 0.6

db: IVD, id: 2581A7B4-9194-4531-B546-615D62EC45C9

Trust: 0.2

sources: IVD: 2581a7b4-9194-4531-b546-615d62ec45c9 // CNVD: CNVD-2019-46392 // JVNDB: JVNDB-2019-013231 // CNNVD: CNNVD-201912-408 // NVD: CVE-2019-13943

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-344-07

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13943

Trust: 2.0

url:https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13943

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.4620/

Trust: 0.6

sources: CNVD: CNVD-2019-46392 // JVNDB: JVNDB-2019-013231 // CNNVD: CNNVD-201912-408 // NVD: CVE-2019-13943

SOURCES

db: IVD, id: 2581a7b4-9194-4531-b546-615d62ec45c9
db: CNVD, id: CNVD-2019-46392
db: JVNDB, id: JVNDB-2019-013231
db: CNNVD, id: CNNVD-201912-408
db: NVD, id: CVE-2019-13943

LAST UPDATE DATE

2024-11-23T21:51:48.327000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-46392, date: 2019-12-20T00:00:00
db: JVNDB, id: JVNDB-2019-013231, date: 2019-12-23T00:00:00
db: CNNVD, id: CNNVD-201912-408, date: 2019-12-27T00:00:00
db: NVD, id: CVE-2019-13943, date: 2024-11-21T04:25:44.693

SOURCES RELEASE DATE

db: IVD, id: 2581a7b4-9194-4531-b546-615d62ec45c9, date: 2019-12-20T00:00:00
db: CNVD, id: CNVD-2019-46392, date: 2019-12-20T00:00:00
db: JVNDB, id: JVNDB-2019-013231, date: 2019-12-23T00:00:00
db: CNNVD, id: CNNVD-201912-408, date: 2019-12-10T00:00:00
db: NVD, id: CVE-2019-13943, date: 2019-12-12T19:15:15.077