Vulnetix
Try Vulnetix Request Demo
CVE-2019-10939 PUBLISHED CVSS 9.800000190734863 CRITICAL

A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.

EPSS 0.44% · 63.2th percentile

Risk Scores

CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.44%
63.2th percentile

Affected Products

VendorProductVersions
Siemens AGTIM 3V-IE (incl. SIPLUS NET variants)All versions < V2.8
Siemens AGTIM 4R-IE DNP3 (incl. SIPLUS NET variants)All versions < V3.3
Siemens AGTIM 3V-IE Advanced (incl. SIPLUS NET variants)All versions < V2.8
siemenstim_4r-ie_firmware0
siemenstim_4r-ie_dnp3_firmware0
Siemens AGTIM 4R-IE (incl. SIPLUS NET variants)All versions < V2.8
Siemens AGTIM 3V-IE DNP3 (incl. SIPLUS NET variants)All versions < V3.3
siemenstim_3v-ie_advanced_firmware0
siemenstim_3v-ie_dnp3_firmware0
siemenstim_3v-ie_firmware0

Timeline

References

Open in Interactive Console →