CVE-2019-10930 Information

Share on:

Description

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ) DIGSI 5 engineering software (All versions V7.90) SIPROTEC 5 device types 6MD85 6MD86 6MD89 7UM85 7SA87 7SD87 7SL87 7VK87 7SA82 7SA86 7SD82 7SD86 7SL82 7SL86 7SJ86 7SK82 7SK85 7SJ82 7SJ85 7UT82 7UT85 7UT86 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions V7.90) SIPROTEC 5 device types 7SS85 and 7KE85 (All versions V8.01) SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload download or delete files in certain parts of the file system.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5