Multiple vulnerabilities in Siemens SIMATIC Ident MV420 and MV440 Families



Published: 2019-06-11 | Updated: 2019-06-26
Risk: Medium
Patch available: NO
Number of vulnerabilities: 2
CVE-ID: CVE-2019-10925, CVE-2019-10926
CWE-ID: CWE-264, CWE-319
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available.
Vulnerable software
SIMATIC Ident MV440
Server applications / SCADA systems

SIMATIC Ident MV420
Server applications / SCADA systems

Vendor: Siemens

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU18818

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2019-10925

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a flaw in the integrated webserver. A remote authenticated attacker can escalate privileges by sending specially crafted requests to the integrated webserver.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vendor's recommendation:
  • Set the DISA bit to prevent logged-in users from making changes to the project.
  • Protect network access to affected devices.

Vulnerable software versions

SIMATIC Ident MV440: 1.0

SIMATIC Ident MV420: 1.0

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Cleartext transmission of sensitive information

EUVDB-ID: #VU18819

Risk: Medium

CVSSv3.1: 5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C]

CVE-ID: CVE-2019-10926

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain sensitive information on the system.

The vulnerability exists due to unencrypted communication with the device. A remote attacker in a privileged network position can obtain data transmitted between the device and the user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SIMATIC Ident MV440: 1.0

SIMATIC Ident MV420: 1.0

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


