Vulnetix
Try Vulnetix Request Demo
CVE-2019-10938 PUBLISHED CVSS 9.800000190734863 CRITICAL

A vulnerability has been identified in Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200 (All versions), SIPROTEC 5 devices with CPU variants CP300 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device.

EPSS 0.41% · 61.2th percentile

Risk Scores

CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.41%
61.2th percentile

Affected Products

VendorProductVersions
siemenssiprotec_5_digsi_device_driver
Siemens AGSiemens Power Meters Series 9410All versions < V2.2.1
Siemens AGSiemens Power Meters Series 9810All versions
Siemens AGSIPROTEC 5 devices with CPU variants CP300 and CP100All versions < V8.01
Siemens AGSIPROTEC 5 devices with CPU variants CP200All versions < V7.59

Timeline

References

Open in Interactive Console →