CVE-2019-10930 — HIGH (7.5)

Q: How severe is CVE-2019-10930?

CVE-2019-10930 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-10930?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Digsi 5 Engineering Software, Siemens Siprotec 5 Digsi Device Driver, Siemens 6Md85, Siemens 6Md86, Siemens 6Md89.

Vulnerability Description

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Siemens	Digsi 5 Engineering Software	7.90
Siemens	Siprotec 5 Digsi Device Driver	7.90
Siemens	6Md85	-
Siemens	6Md86	-
Siemens	6Md89	-
Siemens	7Sa82	-
Siemens	7Sa86	-
Siemens	7Sa87	-
Siemens	7Sd82	-
Siemens	7Sd86	-
Siemens	7Sd87	-
Siemens	7Sj82	-
Siemens	7Sj85	-
Siemens	7Sj86	-
Siemens	7Sk82	-
Siemens	7Sk85	-
Siemens	7Sl82	-
Siemens	7Sl86	-
Siemens	7Sl87	-
Siemens	7Um85	-

Related Weaknesses (CWE)

CWE-434 CWE-552

References

https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdfVendor Advisory

FAQ

What is CVE-2019-10930?

CVE-2019-10930 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering softwa...

How severe is CVE-2019-10930?

CVE-2019-10930 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10930?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Digsi 5 Engineering Software, Siemens Siprotec 5 Digsi Device Driver, Siemens 6Md85, Siemens 6Md86, Siemens 6Md89.