CVE-2019-10930
A vulnerability has been identified in SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions), DIGSI 5 engineering software (All versions < V7.90). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.
EPSS 0.47% · 65.1th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | siprotec_5_digsi_device_driver | 7.90 |
| Siemens AG | All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules | All versions |
| Siemens AG | SIPROTEC 5 device types 7SS85 and 7KE85 | * |
| Siemens AG | SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules | All versions < V7.90 |
| Siemens AG | SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules | All versions |
| siemens | digsi_5_engineering_software | 7.90 |
| Siemens AG | DIGSI 5 engineering software | All versions < V7.90 |
Exploit Intelligence
- Exploit for cve-2013-0169 (github-poc)
- Exploit for cve-2013-0169 (github-poc)
- Exploit for cve-2013-0169 (github-poc)
- Exploit for cve-2013-0169 (github-poc)
- Exploit for cve-2013-0169 (github-poc)
- :muscle: Proof Of Concept of the BEAST attack against SSL/TLS CVE-2011-3389 :muscle: (github-poc)
- :muscle: Proof Of Concept of the BEAST attack against SSL/TLS CVE-2011-3389 :muscle: (github-poc)
- :muscle: Proof Of Concept of the BEAST attack against SSL/TLS CVE-2011-3389 :muscle: (github-poc)
- :muscle: Proof Of Concept of the BEAST attack against SSL/TLS CVE-2011-3389 :muscle: (github-poc)
- :muscle: Proof Of Concept of the BEAST attack against SSL/TLS CVE-2011-3389 :muscle: (github-poc)
…and 11 more exploits
Timeline
- Jul 9, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-10930 advisory