CVE-2019-10931
A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.
EPSS 0.36% · 58.6th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | siprotec_5_digsi_device_driver | 0, 0 |
| Siemens AG | SIPROTEC 5 device types 7SS85 and 7KE85 | All versions < V8.01 |
| siemens | digsi_5_engineering_software | 0 |
| Siemens AG | SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules | All versions < V7.59 |
| Siemens AG | DIGSI 5 engineering software | All versions < V7.90 |
| Siemens AG | SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules | All versions < V7.90 |
| Siemens AG | All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules | All versions |
| Siemens AG | SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules | All versions < V7.59 |
Timeline
- Jul 9, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-10931 advisory