CVE-2019-10930

A vulnerability has been identified in SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions), DIGSI 5 engineering software (All versions < V7.90). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.

Published : 2019-07-11 22:15 Updated : 2019-10-09 23:45

6.4
CVSS Score More info
Score 6.4 / 10
6.4
Vendor Product Version URI
Siemens Digsi 5 Engineering Software 7.90 cpe:/a:siemens:digsi_5_engineering_software:7.90
Siemens Siprotec 5 Digsi Device Driver 7.90 cpe:/a:siemens:siprotec_5_digsi_device_driver:7.90
  1. Siemens (2) Search CVE
    1. Siprotec 5 Digsi Device Driver (1) Search CVE
      1. 7.90
    2. Digsi 5 Engineering Software (1) Search CVE
      1. 7.90

CWE

ID Name Description Links
CWE-434 Unrestricted Upload of File with Dangerous Type The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. CVE

History of changes

Date Event
2019-07-19 13:21
2019-07-11 22:15

New CVE