CVE-2019-10925

Sažetak

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials, but no user interaction are required. Successful exploitation compromises integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Reference

http://www.securityfocus.com/bid/108725
https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-19-162-02

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:P

Zadnje važnije ažuriranje

15-03-2021 - 18:15

Objavljeno

12-06-2019 - 14:29