Improper Adherence to Coding Standards in SCALANCE SC-600 - CVE-2019-10928

 


Published: August 21, 2019


Vulnerability identifier: #VU20348
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-10928
CWE-ID:
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Siemens
Affected software: SCALANCE SC-600

Detailed vulnerability description

The vulnerability allows an attacker to execute arbitrary commands on the target device.

The vulnerability exists because the software does not follow certain coding rules for development. An authenticated attacker with access to port 22/TCP as well as physical access to an affected device can execute arbitrary commands on the target device.

How to mitigate CVE-2019-10928

Install updates from the vendor's website.
