CVE-2019-10926

Summary

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an attacker in a privileged network position which allows eavesdropping the communication between the affected device and the user. The user must invoke a session. Successful exploitation of the vulnerability compromises confidentiality of the data transmitted.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC MV400 familyAll Versions < V7.0.6affected

Weaknesses

  • CWE-319: CWE-319: Cleartext Transmission of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

References