CVE-2019-10928 - A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access

CVE-2019-10928

Summary

A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf

Vulnerable Configurations

cpe:2.3:o:siemens:scalance_sc-600_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_sc-600_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc-600:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc-600:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 02-10-2020 - 14:09)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

misc

https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf

Last major update

02-10-2020 - 14:09

Published

13-08-2019 - 19:15

Last modified

02-10-2020 - 14:09