CVE-2019-10938

Опубликовано: 02 авг. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
Mitigation
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
Mitigation
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
Mitigation
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
Mitigation
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:siemens:siprotec_5_digsi_device_driver:*:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00487

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-5vvv-cppj-rx9m

github

больше 3 лет назад

A vulnerability has been identified in Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200 (All versions), SIPROTEC 5 devices with CPU variants CP300 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device.