Insufficient Data Blocking in Siemens Industrial Products
CVE-2019-6569

9.1CRITICAL

Key Information:

Vendor: Siemens
Status: Scalance X204-2; Scalance X204-2fm; Scalance X204-2ld; Scalance X204-2ld Ts
Vendor: CVE Published:; 26 March 2019

Summary

The affected Siemens industrial products exhibit a vulnerability due to their monitor barrier, which inadequately restricts data from being transmitted over the mirror port into the mirrored network. This flaw allows an attacker to send malicious packets into the network, potentially impacting the configuration and operational integrity of connected systems.

Affected Version(s)

SCALANCE X204-2 All versions < V5.2.6

SCALANCE X204-2FM All versions < V5.2.6

SCALANCE X204-2LD All versions < V5.2.6

References

https://cert-portal.siemens.com/productcert/pdf/ssa-55780...

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2019
Vulnerability Reserved
Jan 22, 2019