Denial of Service Vulnerability in Siemens SIPROTEC 5 Devices and DIGSI 5 Software
CVE-2019-10931

7.5HIGH

Key Information:

Vendor: Siemens Ag
Status: All Other Siprotec 5 Device Types With Cpu Variants Cp300 And Cp100 And The Respective Ethernet Communication Modules; Digsi 5 Engineering Software; Siprotec 5 Device Types 6md85, 6md86, 6md89, 7um85, 7sa87, 7sd87, 7sl87, 7vk87, 7sa82, 7sa86, 7sd82, 7sd86, 7sl82, 7sl86, 7sj86, 7sk82, 7sk85, 7sj82, 7sj85, 7ut82, 7ut85, 7ut86, 7ut87 And 7ve85 With Cpu Variants Cp300 And Cp100 And The Respective Ethernet Communication Modules; Siprotec 5 Device Types 7ss85 And 7ke85
Vendor: CVE Published:; 11 July 2019

Summary

A vulnerability has been identified in various Siemens SIPROTEC 5 device types and DIGSI 5 engineering software that could allow specially crafted packets sent to port 443/TCP to cause a Denial of Service condition. This affects a range of device types featuring CPU variants CP300, CP100, and CP200, as well as different versions of the DIGSI 5 software. Users should take appropriate measures to protect their systems against potential exploit attempts.

Affected Version(s)

All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules All versions

DIGSI 5 engineering software All versions < V7.90

SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules All versions < V7.90

References

https://cert-portal.siemens.com/productcert/pdf/ssa-89956...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2019
Vulnerability Reserved
Apr 8, 2019