VDB
ICSA-19-190-05
ICSA-19-190-05
PUBLISHED
CVSS 7.300000190734863 HIGH
Successful exploitation of these vulnerabilities could allow a denial-of-service condition and limited control of file upload, download, and delete functions.
Risk Scores
CVSS v3.1
7.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SIPROTEC 5 device types with CPU variants CP200 and the respective: All versions | ||
| DIGSI 5 engineering software: All versions < V7.90 | ||
| All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and: All versions | ||
| SIPROTEC 5 device types 7SS85 and 7KE85: All versions < V8.01 | ||
| SIPROTEC 5 device types with CPU variants CP200 and the respective: All versions < V7.59 | ||
| SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87,: All versions < V7.90 |
Timeline
- Jul 9, 2019 CVE Published
- May 12, 2020 CVE Updated
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-190-05.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-19-190-05 advisory
- https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://cert-portal.siemens.com/productcert/txt/SSA-899560.txt url
- https://support.industry.siemens.com/cs/ww/en/ fix
- https://support.industry.siemens.com/cs/us/en/view/109767686 fix