← Back

CVE-2019-10925

nvd nist
Published: Jun 12, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Exploitability: 2.8 / Impact: 4.2
Source: NVD

Description

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials, but no user interaction are required. Successful exploitation compromises integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected (2)

Siemens
2 products
Simatic Mv420 Firmware
Simatic Mv440 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Mv420 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Mv420
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Mv440 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Mv440
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

Source: productcert@siemens.com
Third Party AdvisoryVDB Entry
Source: productcert@siemens.com
MitigationVendor Advisory
Source: productcert@siemens.com
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.