CVE-2019-13944

Published Dec 12, 2019

Last updated 2 years ago

CVSS medium 5.3

Overview

Description: A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known.
Source: productcert@siemens.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22
productcert@siemens.com: CWE-23

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_dnp3_tcp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF72E8A5-4A16-4CF8-9E61-AFFC03601E6E"
          },
          {
            "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_iec_61850:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B8072EE-0802-4BDF-AFD7-40903FD1E745",
            "versionEndExcluding": "4.37"
          },
          {
            "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_iec104:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4A4DECE-7ECB-4E8B-8617-75FDFE98FCA4"
          },
          {
            "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_modbus_tcp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E6BB145-4C7D-4E30-8058-A809DBB65735"
          },
          {
            "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_profinet_io:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49004945-B9EA-4AFE-8B95-CC7C8F80FAD6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:en100_ethernet_module:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DAC429FD-7148-4A68-AA81-8FBADA588F4E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References