Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-19279 (GCVE-0-2019-19279)
Vulnerability from cvelistv5 – Published: 2020-03-10 19:16 – Updated: 2024-08-05 02:09
VLAI?
EPSS
Summary
A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens AG | SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T19:16:17.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-19279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-19279",
"datePublished": "2020-03-10T19:16:17.000Z",
"dateReserved": "2019-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:09:39.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GSD-2019-19279
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-19279",
"description": "A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens.",
"id": "GSD-2019-19279"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-19279"
],
"details": "A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens.",
"id": "GSD-2019-19279",
"modified": "2023-12-13T01:23:53.581555Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-19279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:siprotec_4:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siprotec_compact:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-19279"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-03-13T19:49Z",
"publishedDate": "2020-03-10T20:15Z"
}
}
}
CVE-2019-19279
Vulnerability from fstec - Published: 11.02.2020
VLAI Severity ?
Title
Уязвимость устройств релейной защиты SIPROTEC, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость устройств релейной защиты SIPROTEC связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании с помощью специально созданных пакетов отправленных на порт 50000/UDP
Severity ?
Vendor
Siemens AG
Software Name
SIPROTEC 4 and SIPROTEC Compact relays
Software Version
- (SIPROTEC 4 and SIPROTEC Compact relays)
Possible Mitigations
Использование рекомендаций производителя:
https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf
CWE
CWE-20
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (SIPROTEC 4 and SIPROTEC Compact relays)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.02.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.05.2020",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.05.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02443",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-19279",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SIPROTEC 4 and SIPROTEC Compact relays",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0440\u0435\u043b\u0435\u0439\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b SIPROTEC, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0440\u0435\u043b\u0435\u0439\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b SIPROTEC \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u043f\u043e\u0440\u0442 50000/UDP",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
GHSA-F47R-9FWR-4P3H
Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2022-05-24 17:10
VLAI?
Details
A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens.
{
"affected": [],
"aliases": [
"CVE-2019-19279"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-10T20:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens.",
"id": "GHSA-f47r-9fwr-4p3h",
"modified": "2022-05-24T17:10:36Z",
"published": "2022-05-24T17:10:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19279"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2019-19279
Vulnerability from fkie_nvd - Published: 2020-03-10 20:15 - Updated: 2024-11-21 04:34
Severity ?
Summary
A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | siprotec_4 | * | |
| siemens | siprotec_compact | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:siprotec_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A4AC48-7BF4-40F9-9D86-328F94A85683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siprotec_compact:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CB31CA-11BC-4185-8BCF-964E30EFE10F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en los rel\u00e9s SIPROTEC 4 y SIPROTEC Compact equipados con m\u00f3dulos de comunicaci\u00f3n EN100 Ethernet (todas las versiones). Paquetes especialmente dise\u00f1ados enviados hacia el puerto 50000/UDP de los m\u00f3dulos de comunicaci\u00f3n Ethernet EN100 podr\u00edan causar una Denegaci\u00f3n de Servicio del dispositivo afectado. Es requerido un reinicio manual para recuperar el servicio del dispositivo. Al momento de la publicaci\u00f3n del aviso, no se conoc\u00eda por Siemens una explotaci\u00f3n p\u00fablica de esta vulnerabilidad de seguridad."
}
],
"id": "CVE-2019-19279",
"lastModified": "2024-11-21T04:34:29.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-10T20:15:18.807",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2020-AVI-090
Vulnerability from certfr_avis - Published: 2020-02-13 - Updated: 2020-02-13
De multiples vulnérabilités ont été découvertes dans les produits Siemens . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC IPC427D, IPC427E (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC Route Control V8.1 | ||
| Siemens | N/A | SCALANCE M-800 / S615 versions antérieures à V6.1.2 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V16 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS) | ||
| Siemens | N/A | OpenPCS 7 V9.0 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller versions antérieures à 20.8 | ||
| Siemens | N/A | SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0 | ||
| Siemens | N/A | SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0 | ||
| Siemens | N/A | SIMATIC Field PG M4, Field PG M5, Field PG M6 | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS) | ||
| Siemens | N/A | SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules | ||
| Siemens | N/A | SIMATIC Route Control V8.2 | ||
| Siemens | N/A | SIPORT MP versions antérieures à V3.1.4 | ||
| Siemens | N/A | SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions antérieures à V5.4.2 | ||
| Siemens | N/A | OZW672 versions antérieures à V10.00 | ||
| Siemens | N/A | SIMATIC CP 1626 | ||
| Siemens | N/A | SCALANCE X-200 switch (incl. variante SIPLUS NET) versions antérieures à V5.2.4 | ||
| Siemens | N/A | SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions antérieures V2.2 | ||
| Siemens | N/A | SIMATIC NET PC Software | ||
| Siemens | N/A | RUGGEDCOM RM1224 versions antérieures à V6.1.2 | ||
| Siemens | N/A | SIMATIC WinCC V7.3 | ||
| Siemens | N/A | SIMATIC PCS 7 V8.1 | ||
| Siemens | N/A | SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions antérieures à V4.1.3 | ||
| Siemens | N/A | SIMATIC PCS 7 V9.0 | ||
| Siemens | N/A | SCALANCE S602, S612, S623, S627-2M, S627-2M | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.6 | ||
| Siemens | N/A | SIMATIC BATCH V8.1 | ||
| Siemens | N/A | SIMATIC BATCH V9.0 | ||
| Siemens | N/A | SIMATIC RF182C | ||
| Siemens | N/A | SCALANCE XR-500 switch versions antérieures à V6.2.3 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V13 versions antérieures à V13 SP2 | ||
| Siemens | N/A | SCALANCE W700 IEEE 802.11n versions antérieures à V6.4 | ||
| Siemens | N/A | SIMOTION P320-4S | ||
| Siemens | N/A | SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET) | ||
| Siemens | N/A | IE/PB LINK PN IO (incl. variante SIPLUS NET) | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5 Patch 01 | ||
| Siemens | N/A | SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.2 | ||
| Siemens | N/A | SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associées et variantes SIPLUS) | ||
| Siemens | N/A | SIMATIC RF180C | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions antérieures à V4.1 | ||
| Siemens | N/A | SIMATIC PCS 7 V8.2 | ||
| Siemens | N/A | TIM 1531 IRC (incl. variante SIPLUS NET) versions antérieures à V2.0 | ||
| Siemens | N/A | SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA | ||
| Siemens | N/A | SIMATIC MV400 | ||
| Siemens | N/A | OZW772 versions antérieures à V10.00 | ||
| Siemens | N/A | SIMATIC IPC Support, Package for VxWorks | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V15.1 | ||
| Siemens | N/A | SINAMICS DCP versions antérieures à V1.3 | ||
| Siemens | N/A | SIMATIC CP 1616 et CP 1604 versions antérieures à V2.8.1 | ||
| Siemens | N/A | SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V14.0.1 | ||
| Siemens | N/A | SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E | ||
| Siemens | N/A | SIMATIC RF600 versions antérieures à V3.2.1 | ||
| Siemens | N/A | SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (excepté 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU (incl. les CPUS ET200 associées et variantes SIPLUS) versions antérieures à 2.8 | ||
| Siemens | N/A | OpenPCS 7 V8.2 | ||
| Siemens | N/A | SIMATIC CP 1628 versions antérieures à V14.00.15.00_51.25.00.01 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à 7.5.1 Upd1 | ||
| Siemens | N/A | SIMATIC CP 1623 versions antérieures à V14.00.15.00_51.25.00.01 | ||
| Siemens | N/A | SIMATIC ITP1000 | ||
| Siemens | N/A | SIMATIC Route Control V9.0 | ||
| Siemens | N/A | SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS) | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller | ||
| Siemens | N/A | OpenPCS 7 V8.1 | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU V6 et antérieures (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC WinCC V7.4 | ||
| Siemens | N/A | SCALANCE XM-400 switch versions antérieures à V6.2.3 | ||
| Siemens | N/A | PROFINET Driver for Controller versions antérieures à V2.1 Patch 03 | ||
| Siemens | N/A | SIMOTION P320-4E | ||
| Siemens | N/A | SIMATIC BATCH V8.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M-800 / S615 versions ant\u00e9rieures \u00e0 V6.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 20.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Field PG M4, Field PG M5, Field PG M6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPORT MP versions ant\u00e9rieures \u00e0 V3.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OZW672 versions ant\u00e9rieures \u00e0 V10.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1626",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions ant\u00e9rieures V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 V6.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V4.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S602, S612, S623, S627-2M, S627-2M",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF182C",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR-500 switch versions ant\u00e9rieures \u00e0 V6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W700 IEEE 802.11n versions ant\u00e9rieures \u00e0 V6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4S",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "IE/PB LINK PN IO (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5 Patch 01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF180C",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions ant\u00e9rieures \u00e0 V4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV400",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OZW772 versions ant\u00e9rieures \u00e0 V10.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC Support, Package for VxWorks",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V15.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS DCP versions ant\u00e9rieures \u00e0 V1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1616 et CP 1604 versions ant\u00e9rieures \u00e0 V2.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V14.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF600 versions ant\u00e9rieures \u00e0 V3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (except\u00e9 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS) versions ant\u00e9rieures \u00e0 2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1628 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 7.5.1 Upd1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1623 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITP1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU V6 et ant\u00e9rieures (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM-400 switch versions ant\u00e9rieures \u00e0 V6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PROFINET Driver for Controller versions ant\u00e9rieures \u00e0 V2.1 Patch 03",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4E",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19282"
},
{
"name": "CVE-2019-19277",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19277"
},
{
"name": "CVE-2019-13926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13926"
},
{
"name": "CVE-2019-0152",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-19281",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19281"
},
{
"name": "CVE-2019-13941",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13941"
},
{
"name": "CVE-2015-5621",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
},
{
"name": "CVE-2019-18217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18217"
},
{
"name": "CVE-2019-12815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12815"
},
{
"name": "CVE-2019-13940",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13940"
},
{
"name": "CVE-2019-19279",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19279"
},
{
"name": "CVE-2019-13925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13925"
},
{
"name": "CVE-2019-0151",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
},
{
"name": "CVE-2019-13946",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13946"
},
{
"name": "CVE-2019-6585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6585"
},
{
"name": "CVE-2020-19282",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19282"
},
{
"name": "CVE-2019-13924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
},
{
"name": "CVE-2018-18065",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
}
],
"initial_release_date": "2020-02-13T00:00:00",
"last_revision_date": "2020-02-13T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-090",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-398519 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-940889 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-974843 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-270778 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-780073 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-986695 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-750824 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-951513 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-431678 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-591405 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978558 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978220 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
}
]
}
CNVD-2020-04715
Vulnerability from cnvd - Published: 2020-02-12
VLAI Severity ?
Title
SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families拒绝服务漏洞
Description
SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families是提供集成保护、控制、测量和变电站和其他应用领域的自动化功能。
SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families存在拒绝服务漏洞。攻击者可利用漏洞发送EN100以太网通信模块的50000/UDP端口的数据包,导致受影响设备拒绝服务。
Severity
高
Patch Name
SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families拒绝服务漏洞的补丁
Patch Description
SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families是提供集成保护、控制、测量和变电站和其他应用领域的自动化功能。
SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families存在拒绝服务漏洞。攻击者可利用漏洞发送EN100以太网通信模块的50000/UDP端口的数据包,导致受影响设备拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf
Impacted products
| Name | SIEMENS SIPROTEC 4 and SIPROTEC Compact relaysequipped with EN100 Ethernet communication modules |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-19279"
}
},
"description": "SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families\u662f\u63d0\u4f9b\u96c6\u6210\u4fdd\u62a4\u3001\u63a7\u5236\u3001\u6d4b\u91cf\u548c\u53d8\u7535\u7ad9\u548c\u5176\u4ed6\u5e94\u7528\u9886\u57df\u7684\u81ea\u52a8\u5316\u529f\u80fd\u3002\n\nSIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u53d1\u9001EN100\u4ee5\u592a\u7f51\u901a\u4fe1\u6a21\u5757\u768450000/UDP\u7aef\u53e3\u7684\u6570\u636e\u5305\uff0c\u5bfc\u81f4\u53d7\u5f71\u54cd\u8bbe\u5907\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-04715",
"openTime": "2020-02-12",
"patchDescription": "SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families\u662f\u63d0\u4f9b\u96c6\u6210\u4fdd\u62a4\u3001\u63a7\u5236\u3001\u6d4b\u91cf\u548c\u53d8\u7535\u7ad9\u548c\u5176\u4ed6\u5e94\u7528\u9886\u57df\u7684\u81ea\u52a8\u5316\u529f\u80fd\u3002\r\n\r\nSIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u53d1\u9001EN100\u4ee5\u592a\u7f51\u901a\u4fe1\u6a21\u5757\u768450000/UDP\u7aef\u53e3\u7684\u6570\u636e\u5305\uff0c\u5bfc\u81f4\u53d7\u5f71\u54cd\u8bbe\u5907\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "SIEMENS SIPROTEC 4 and SIPROTEC Compact relaysequipped with EN100 Ethernet communication modules"
},
"referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf",
"serverity": "\u9ad8",
"submitTime": "2020-02-12",
"title": "SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…