CVE-2019-10928 — MEDIUM (6.6)

Vulnerability Description

A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device.

CVSS Score

6.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Scalance Sc-600 Firmware	2.0
Siemens	Scalance Sc-600	-

Related Weaknesses (CWE)

CWE-703

References

https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdfVendor Advisory

FAQ

What is CVE-2019-10928?

CVE-2019-10928 is a vulnerability with a CVSS score of 6.6 (MEDIUM). A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow exe...

How severe is CVE-2019-10928?

CVE-2019-10928 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10928?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance Sc-600 Firmware, Siemens Scalance Sc-600.