Vulnerability Description
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Siprotec 5 Digsi Device Driver | All versions |
| Siemens | 6Md85 | - |
| Siemens | 6Md86 | - |
| Siemens | 6Md89 | - |
| Siemens | 7Sa82 | - |
| Siemens | 7Sa86 | - |
| Siemens | 7Sa87 | - |
| Siemens | 7Sd82 | - |
| Siemens | 7Sd86 | - |
| Siemens | 7Sd87 | - |
| Siemens | 7Sj82 | - |
| Siemens | 7Sj85 | - |
| Siemens | 7Sj86 | - |
| Siemens | 7Sk82 | - |
| Siemens | 7Sk85 | - |
| Siemens | 7Sl82 | - |
| Siemens | 7Sl86 | - |
| Siemens | 7Sl87 | - |
| Siemens | 7Um85 | - |
| Siemens | 7Ut82 | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdfMitigationPatchVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdfMitigationPatchVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdfMitigationPatchVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdfMitigationPatchVendor Advisory
FAQ
What is CVE-2019-10938?
CVE-2019-10938 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Met...
How severe is CVE-2019-10938?
CVE-2019-10938 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10938?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Siprotec 5 Digsi Device Driver, Siemens 6Md85, Siemens 6Md86, Siemens 6Md89, Siemens 7Sa82.