Vulnerabilities > CVE-2019-6569 - Expected Behavior Violation vulnerability in Siemens products

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

siemens

CWE-440

critical

NVD

Published: 2019-03-26

Updated: 2022-07-12

Summary

The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Scalance X 200 Firmware - Siemens Scalance X 300 Firmware - Siemens Scalance XP 200 Firmware - Siemens Scalance XP 200 Firmware 3.0 Siemens Scalance XC 200 Firmware - Siemens Scalance XC 200 Firmware 3.0 Siemens Scalance XF 200 Firmware -	7
Hardware	Siemens Siemens Scalance X 200 - Siemens Scalance X 300 - Siemens Scalance XP 200 - Siemens Scalance XC 200 - Siemens Scalance XF 200 -	5

Common Weakness Enumeration (CWE)

CWE-440 - Expected Behavior Violation

References

https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdf