SB2019082105 - Multiple vulnerabilities in Siemens SCALANCE Products
Published: August 21, 2019
Security Bulletin ID
SB2019082105
CSH Severity
Medium
Patch available
NO
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Improper Adherence to Coding Standards (CVE-ID: CVE-2019-10927)
CWE-ID: -
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the software does not follow certain coding rules for development. A remote authenticated attacker with network access to Port 22/TCP of an affected device can cause a denial-of-service condition.
2) Improper Adherence to Coding Standards (CVE-ID: CVE-2019-10928)
CWE-ID: -
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
the vulnerability allows an attacker to execute arbitrary commands on the target device.
The vulnerability exists due to the software does not follow certain coding rules for development. An authenticated attacker with access to Port 22/TCP as well as physical access to an affected device can execute arbitrary commands on the target device.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.