CVE-2019-13944

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf	Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-344-07	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_dnp3_tcp::::::::
	cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_iec_61850::::::::
	cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_iec104::::::::
	cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_modbus_tcp::::::::
	cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_profinet_io::::::::

cpe:2.3:h:siemens:en100_ethernet_module:-:*:*:*:*:*:*:*

History

02 Feb 2023, 19:18

Type	Values Removed	Values Added
References	~~(MISC) https://www.us-cert.gov/ics/advisories/icsa-19-344-07 -~~	(MISC) https://www.us-cert.gov/ics/advisories/icsa-19-344-07 - Third Party Advisory, US Government Resource

Information

Published : 2019-12-12 19:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-13944

Mitre link : CVE-2019-13944

CVE.ORG link : CVE-2019-13944

JSON object : View

Products Affected

siemens

en100_ethernet_module_with_firmware_variant_iec_61850
en100_ethernet_module_with_firmware_variant_profinet_io
en100_ethernet_module_with_firmware_variant_modbus_tcp
en100_ethernet_module
en100_ethernet_module_with_firmware_variant_dnp3_tcp
en100_ethernet_module_with_firmware_variant_iec104

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-23

Relative Path Traversal

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-13944

5.3^/10

5.0^/10

Attach tags to `CVE-2019-13944`