Communication Encryption Vulnerability in Siemens SIMATIC MV400 Family
CVE-2019-10926

5.3MEDIUM

Key Information:

Vendor
Siemens
Status
Simatic Mv400 Family
Vendor
CVE Published:
12 June 2019

Summary

A security flaw exists in the Siemens SIMATIC MV400 family of products wherein communication with the device is not encrypted. This vulnerability allows an attacker with privileged network access to intercept and eavesdrop on data exchanged between the device and the user. The exploitation requires the user to initiate a session, subsequently compromising the confidentiality of sensitive information transmitted. Organizations using affected versions should prioritize updating to at least V7.0.6 to mitigate potential risks.

Affected Version(s)

SIMATIC MV400 family All Versions < V7.0.6

References

http://www.securityfocus.com/bid/108725
vdb-entryx_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-81698...
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-19-162-02
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.