Vulnerabilities > CVE-2019-10931 - Unspecified vulnerability in Siemens products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

siemens

NVD

Published: 2019-07-11

Updated: 2021-10-28

Summary

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Siprotec 5 Digsi Device Driver * Siemens Siprotec 5 Digsi Device Driver 7.90 Siemens Digsi 5 Engineering Software *	3
Hardware	Siemens Siemens 6Md85 - Siemens 6Md86 - Siemens 6Md89 - Siemens 7Sa82 - Siemens 7Sa86 - Siemens 7Sa87 - Siemens 7Sd82 - Siemens 7Sd86 - Siemens 7Sd87 - Siemens 7Sj82 - Siemens 7Sj85 - Siemens 7Sj86 - Siemens 7Sk82 - Siemens 7Sk85 - Siemens 7Sl82 - Siemens 7Sl86 - Siemens 7Sl87 - Siemens 7Um85 - Siemens 7Ut82 - Siemens 7Ut85 - Siemens 7Ut86 - Siemens 7Ut87 - Siemens 7Ve85 - Siemens 7Vk87 - Siemens 7Ke85 - Siemens 7Ss85 -	26

References

https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf