CVE-2019-10938
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
Affected (1)
Products: Siemens: Siprotec 5 Digsi Device Driver
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens 6md85 | All versions |
Siemens 6md86 | All versions |
Siemens 6md89 | All versions |
Siemens 7sa82 | All versions |
Siemens 7sa86 | All versions |
Siemens 7sa87 | All versions |
Siemens 7sd82 | All versions |
Siemens 7sd86 | All versions |
Siemens 7sd87 | All versions |
Siemens 7sj82 | All versions |
Siemens 7sj85 | All versions |
Siemens 7sj86 | All versions |
Siemens 7sk82 | All versions |
Siemens 7sk85 | All versions |
Siemens 7sl82 | All versions |
Siemens 7sl86 | All versions |
Siemens 7sl87 | All versions |
Siemens 7um85 | All versions |
Siemens 7ut82 | All versions |
Siemens 7ut85 | All versions |
Siemens 7ut86 | All versions |
Siemens 7ut87 | All versions |
Siemens 7ve85 | All versions |
Siemens 7vk87 | All versions |
References (4)
Source: productcert@siemens.com
MitigationPatchVendor Advisory
Source: productcert@siemens.com
MitigationPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationPatchVendor Advisory
Timeline
No history available yet.