9.8

CVE-2019-10938

A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Data is provided by the National Vulnerability Database (NVD)
SiemensSiprotec 5 Digsi Device Driver
   Siemens6md85 Version-
   Siemens6md86 Version-
   Siemens6md89 Version-
   Siemens7sa82 Version-
   Siemens7sa86 Version-
   Siemens7sa87 Version-
   Siemens7sd82 Version-
   Siemens7sd86 Version-
   Siemens7sd87 Version-
   Siemens7sj82 Version-
   Siemens7sj85 Version-
   Siemens7sj86 Version-
   Siemens7sk82 Version-
   Siemens7sk85 Version-
   Siemens7sl82 Version-
   Siemens7sl86 Version-
   Siemens7sl87 Version-
   Siemens7um85 Version-
   Siemens7ut82 Version-
   Siemens7ut85 Version-
   Siemens7ut86 Version-
   Siemens7ut87 Version-
   Siemens7ve85 Version-
   Siemens7vk87 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.49% 0.626
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.