File System Vulnerability in SIPROTEC 5 Devices from Siemens
CVE-2019-10930

7.5HIGH

Key Information:

Vendor: Siemens Ag
Status: All Other Siprotec 5 Device Types With Cpu Variants Cp300 And Cp100 And The Respective Ethernet Communication Modules; Digsi 5 Engineering Software; Siprotec 5 Device Types 6md85, 6md86, 6md89, 7um85, 7sa87, 7sd87, 7sl87, 7vk87, 7sa82, 7sa86, 7sd82, 7sd86, 7sl82, 7sl86, 7sj86, 7sk82, 7sk85, 7sj82, 7sj85, 7ut82, 7ut85, 7ut86, 7ut87 And 7ve85 With Cpu Variants Cp300 And Cp100 And The Respective Ethernet Communication Modules; Siprotec 5 Device Types 7ss85 And 7ke85
Vendor: CVE Published:; 11 July 2019

Summary

A vulnerability has been identified in various SIPROTEC 5 device models and their CPU variants, which could allow a remote attacker to exploit the devices by sending specially crafted packets to port 443/TCP. This exploitation could enable the unauthorized upload, download, or deletion of files in specific areas of the device's file system, potentially compromising system integrity and availability.

Affected Version(s)

All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules All versions

DIGSI 5 engineering software All versions < V7.90

SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules All versions < V7.90

References

https://cert-portal.siemens.com/productcert/pdf/ssa-89956...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2019
Vulnerability Reserved
Apr 8, 2019