VDB

CVE-2019-10938

CVE-2019-10938 PUBLISHED CVSS 9.800000190734863 CRITICAL

A vulnerability has been identified in Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200 (All versions), SIPROTEC 5 devices with CPU variants CP300 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device.

EPSS 0.41% · 61.8th percentile

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.41%
61.8th percentile

Affected Products

VendorProductVersions
siemenssiprotec_5_digsi_device_driver
Siemens AGSiemens Power Meters Series 9410*
Siemens AGSiemens Power Meters Series 9810All versions
Siemens AGSIPROTEC 5 devices with CPU variants CP300 and CP100All versions < V8.01
Siemens AGSIPROTEC 5 devices with CPU variants CP200*

Exploit Intelligence

Timeline

  • Aug 2, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›