CVE-2019-10938
N/A
N/A
Summary
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens AG | SIPROTEC 5 devices with CPU variants CP200 | All versions < V7.59 | affected |
| Siemens AG | SIPROTEC 5 devices with CPU variants CP300 and CP100 | All versions < V8.01 | affected |
| Siemens AG | Siemens Power Meters Series 9410 | All versions < V2.2.1 | affected |
| Siemens AG | Siemens Power Meters Series 9810 | All versions | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
- https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.