Vulnerabilities > CVE-2019-10938 - Unspecified vulnerability in Siemens Siprotec 5 Digsi Device Driver

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

critical

NVD

Published: 2019-08-02

Updated: 2020-10-02

Summary

A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Siprotec 5 Digsi Device Driver *	1
Hardware	Siemens Siemens 6Md85 - Siemens 6Md86 - Siemens 6Md89 - Siemens 7Sa82 - Siemens 7Sa86 - Siemens 7Sa87 - Siemens 7Sd82 - Siemens 7Sd86 - Siemens 7Sd87 - Siemens 7Sj82 - Siemens 7Sj85 - Siemens 7Sj86 - Siemens 7Sk82 - Siemens 7Sk85 - Siemens 7Sl82 - Siemens 7Sl86 - Siemens 7Sl87 - Siemens 7Um85 - Siemens 7Ut82 - Siemens 7Ut85 - Siemens 7Ut86 - Siemens 7Ut87 - Siemens 7Ve85 - Siemens 7Vk87 -	24

Summary

Vulnerable Configurations

References