Protection Mechanism Failure in McAfee products - CVE-2019-19278
Published: January 15, 2020
Vulnerability identifier: #VU24312
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-19278
CWE-ID: CWE-693
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: McAfee
Affected software:
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR42
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR52
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR42
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR52
SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325
Detailed vulnerability description
The vulnerability allows a local attacker to restart the HMI with disabled security controls.
The vulnerability exists due to insufficient implementation of security measures. An attacker with physical access can restore the affected device to a point where predefined application and operating system protection mechanisms are not in place.
How to mitigate CVE-2019-19278
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.