CVE-2019-10931 — HIGH (7.5)

Q: How severe is CVE-2019-10931?

CVE-2019-10931 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-10931?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Siprotec 5 Digsi Device Driver, Siemens 6Md85, Siemens 6Md86, Siemens 6Md89, Siemens 7Sa82.

Vulnerability Description

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Siprotec 5 Digsi Device Driver	< 7.90
Siemens	6Md85	-
Siemens	6Md86	-
Siemens	6Md89	-
Siemens	7Sa82	-
Siemens	7Sa86	-
Siemens	7Sa87	-
Siemens	7Sd82	-
Siemens	7Sd86	-
Siemens	7Sd87	-
Siemens	7Sj82	-
Siemens	7Sj85	-
Siemens	7Sj86	-
Siemens	7Sk82	-
Siemens	7Sk85	-
Siemens	7Sl82	-
Siemens	7Sl86	-
Siemens	7Sl87	-
Siemens	7Um85	-
Siemens	7Ut82	-

Related Weaknesses (CWE)

CWE-248

References

https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdfVendor Advisory

FAQ

What is CVE-2019-10931?

CVE-2019-10931 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering softwa...

How severe is CVE-2019-10931?

CVE-2019-10931 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10931?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Siprotec 5 Digsi Device Driver, Siemens 6Md85, Siemens 6Md86, Siemens 6Md89, Siemens 7Sa82.