![]() ![]() Siemens recommends users upgrade to V7.90 where available and apply the following specific mitigations: Pierre Capillon, Nicolas Iooss, and Jean-Baptiste Galet from Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) reported these vulnerabilities to Siemens. CRITICAL INFRASTRUCTURE SECTORS: Energy.A CVSS v3 base score of 7.5 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Specially crafted packets sent to Port 443/TCP could cause a denial-of-service condition.ĬVE-2019-10931 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). SIPROTEC 5 with CPU variants CP200 and the respective Ethernet communication modulesĤ.2 VULNERABILITY OVERVIEW 4.2.1 IMPROPER INPUT VALIDATION CWE-20Ī remote attacker could use specially crafted packets sent to Port 443/TCP to upload, download, or delete files in certain parts of the file system.ĬVE-2019-10930 has been assigned to this vulnerability.SIPROTEC 5 (All versions prior to v7.90) with CPU variants CP300 and CP100 and the respective Ethernet communication modules listed below:.Siemens reports that the vulnerability affects the following SIPROTEC 5 and DIGSI 5 products: Successful exploitation of these vulnerabilities could allow a denial-of-service condition and limited control of file upload, download, and delete functions. This updated advisory is a follow-up to the original advisory titled ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 that was published Jon the ICS webpage on. ![]() Vulnerabilities: Improper Input Validation.ATTENTION: Exploitable remotely/low skill level to exploit. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |