CVE-2019-10925
CVE-2019-10925 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. EPSS estimates a 2.27% chance of exploitation in the next 30 days.
Description
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials are required, but no user interaction. Successful exploitation compromises integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMATIC MV420 Firmware | All versions |
| Siemens | SIMATIC MV440 Firmware | All versions |
References
- http://www.securityfocus.com/bid/108725 (Third Party Advisory, VDB Entry)
- https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf (Mitigation, Vendor Advisory)
- https://ics-cert.us-cert.gov/advisories/ICSA-19-162-02 (Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
