Privilege Escalation Vulnerability in SIMATIC MV400 Family by Siemens
CVE-2019-10925

7.1 HIGH

Key Information:

Vendor: Siemens
CVE Published: 12 June 2019

Summary

A security flaw in the SIMATIC MV400 family allows an authenticated attacker to escalate privileges via specially crafted requests to the device’s integrated webserver. Exploitation of this vulnerability requires valid user credentials and network access to the affected device, but does not need any user interaction. This could compromise the integrity and availability of the system. As of the advisory publication date, no public exploit was reported.

Affected Version(s)

SIMATIC MV400 family All Versions < V7.0.6

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
