7.5

CVE-2019-10930

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.

Data is provided by the National Vulnerability Database (NVD)
Siemens Digsi 5 Engineering Software Version 7.90
   Siemens 6md85 Version -
   Siemens 6md86 Version -
   Siemens 6md89 Version -
   Siemens 7sa82 Version -
   Siemens 7sa86 Version -
   Siemens 7sa87 Version -
   Siemens 7sd82 Version -
   Siemens 7sd86 Version -
   Siemens 7sd87 Version -
   Siemens 7sj82 Version -
   Siemens 7sj85 Version -
   Siemens 7sj86 Version -
   Siemens 7sk82 Version -
   Siemens 7sk85 Version -
   Siemens 7sl82 Version -
   Siemens 7sl86 Version -
   Siemens 7sl87 Version -
   Siemens 7um85 Version -
   Siemens 7ut82 Version -
   Siemens 7ut85 Version -
   Siemens 7ut86 Version -
   Siemens 7ut87 Version -
   Siemens 7ve85 Version -
   Siemens 7vk87 Version -
Siemens Siprotec 5 Digsi Device Driver Version 7.90
   Siemens 6md85 Version -
   Siemens 6md86 Version -
   Siemens 6md89 Version -
   Siemens 7sa82 Version -
   Siemens 7sa86 Version -
   Siemens 7sa87 Version -
   Siemens 7sd82 Version -
   Siemens 7sd86 Version -
   Siemens 7sd87 Version -
   Siemens 7sj82 Version -
   Siemens 7sj85 Version -
   Siemens 7sj86 Version -
   Siemens 7sk82 Version -
   Siemens 7sk85 Version -
   Siemens 7sl82 Version -
   Siemens 7sl86 Version -
   Siemens 7sl87 Version -
   Siemens 7um85 Version -
   Siemens 7ut82 Version -
   Siemens 7ut85 Version -
   Siemens 7ut86 Version -
   Siemens 7ut87 Version -
   Siemens 7ve85 Version -
   Siemens 7vk87 Version -
No CISA KEV or CERT.AT warning was found for this CVE.
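EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.25% | 0.449 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd@nist.gov | 6.4 | 10 | 4.9 | AV:N/AC:L/Au:N/C:N/I:P/A:P |
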
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.