CVE-2019-13929

EPSS 0.2%
Published 10.10.2019 14:15:14
Last modified 21.11.2024 04:25:43
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Simatic It Uadm Version < 1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.2%	0.386

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-13929

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13929

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13929

EUVD