CVE-2019-10938

Summary

A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected Software

VendorProductVersion RangeStatus
Siemens AGSIPROTEC 5 devices with CPU variants CP200All versions < V7.59affected
Siemens AGSIPROTEC 5 devices with CPU variants CP300 and CP100All versions < V8.01affected
Siemens AGSiemens Power Meters Series 9410All versions < V2.2.1affected
Siemens AGSiemens Power Meters Series 9810All versionsaffected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References