Main Vulnerability Database SB2019071208

SB2019071208 - Input validation error in Siemens DIGSI 5

Published: July 12, 2019 Updated: July 15, 2019

Security Bulletin ID SB2019071208

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-10930)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can use specially crafted packets sent to Port 443/TCP to upload, download, or delete files in certain parts of the file system.

The vulnerability affects SIPROTEC 5 with CPU variants CP300 and CP100 and the respective Ethernet communication modules listed below:

6MD85
6MD86
6MD89
7UM85
7SA87
7SD87
7SL87
7VK87
7SA82
7SA86
7SD82
7SD86
7SL82
7SL86
7SJ86
7SK82
7SK85
7SJ82
7SJ85
7UT82
7UT85
7UT86
7UT87
7VE85

Remediation

Install update from vendor's website.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf