CVE-2019-10931

EPSS 0.19%
Veröffentlicht 11.07.2019 22:15:11
Zuletzt bearbeitet 21.11.2024 04:20:10
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Siprotec 5 Digsi Device Driver Version < 7.90

   Siemens ≫ 6md85 Version-
   Siemens ≫ 6md86 Version-
   Siemens ≫ 6md89 Version-
   Siemens ≫ 7sa82 Version-
   Siemens ≫ 7sa86 Version-
   Siemens ≫ 7sa87 Version-
   Siemens ≫ 7sd82 Version-
   Siemens ≫ 7sd86 Version-
   Siemens ≫ 7sd87 Version-
   Siemens ≫ 7sj82 Version-
   Siemens ≫ 7sj85 Version-
   Siemens ≫ 7sj86 Version-
   Siemens ≫ 7sk82 Version-
   Siemens ≫ 7sk85 Version-
   Siemens ≫ 7sl82 Version-
   Siemens ≫ 7sl86 Version-
   Siemens ≫ 7sl87 Version-
   Siemens ≫ 7um85 Version-
   Siemens ≫ 7ut82 Version-
   Siemens ≫ 7ut85 Version-
   Siemens ≫ 7ut86 Version-
   Siemens ≫ 7ut87 Version-
   Siemens ≫ 7ve85 Version-
   Siemens ≫ 7vk87 Version-

Siemens ≫ Siprotec 5 Digsi Device Driver Version < 8.01

Siemens ≫ 7ke85 Version-
Siemens ≫ 7ss85 Version-

Siemens ≫ Digsi 5 Engineering Software Version < 7.90

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.375

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.

https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-10931

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10931

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10931

EUVD