cnvd - cnvd-2019-22235

cnvd-2019-22235

Vulnerability from cnvd

Title

Siemens TIA Administrator身份验证漏洞

Description

Simatic WinCC（TIA Portal）是一种工程软件，用于配置和编程Simatic面板、Simatic工业PC和运行WinCC Runtime Advanced或SCADA系统的标准PC Winccruntime专业可视化软件。 Siemens TIA Administrator存在身份验证漏洞。攻击者可以利用该漏洞来破坏受影响系统的机密性、完整性和可用性。

Severity

高

Patch Name

Siemens TIA Administrator身份验证漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf

Impacted products

Name
SIEMENS TIA Administrato < V1.0 SP1 Upd1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10915"
    }
  },
  "description": "Simatic WinCC\uff08TIA Portal\uff09\u662f\u4e00\u79cd\u5de5\u7a0b\u8f6f\u4ef6\uff0c\u7528\u4e8e\u914d\u7f6e\u548c\u7f16\u7a0bSimatic\u9762\u677f\u3001Simatic\u5de5\u4e1aPC\u548c\u8fd0\u884cWinCC Runtime Advanced\u6216SCADA\u7cfb\u7edf\u7684\u6807\u51c6PC Winccruntime\u4e13\u4e1a\u53ef\u89c6\u5316\u8f6f\u4ef6\u3002\n\nSiemens TIA Administrator\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u6765\u7834\u574f\u53d7\u5f71\u54cd\u7cfb\u7edf\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-22235",
  "openTime": "2019-07-12",
  "patchDescription": "Simatic WinCC\uff08TIA Portal\uff09\u662f\u4e00\u79cd\u5de5\u7a0b\u8f6f\u4ef6\uff0c\u7528\u4e8e\u914d\u7f6e\u548c\u7f16\u7a0bSimatic\u9762\u677f\u3001Simatic\u5de5\u4e1aPC\u548c\u8fd0\u884cWinCC Runtime Advanced\u6216SCADA\u7cfb\u7edf\u7684\u6807\u51c6PC Winccruntime\u4e13\u4e1a\u53ef\u89c6\u5316\u8f6f\u4ef6\u3002\r\n\r\nSiemens TIA Administrator\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u6765\u7834\u574f\u53d7\u5f71\u54cd\u7cfb\u7edf\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens TIA Administrator\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SIEMENS TIA Administrato \u003c V1.0 SP1 Upd1"
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2019-07-10",
  "title": "Siemens TIA Administrator\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e"
}

CVE-2019-10915 (GCVE-0-2019-10915)

Vulnerability from cvelistv5

Published

2019-07-11 21:17

Modified

2024-08-04 22:40

Severity ?

CWE

CWE-306 - Missing Authentication for Critical Function

Summary

A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf	x_refsource_MISC
	http://www.securityfocus.com/bid/109124	vdb-entry, x_refsource_BID
	https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf	x_refsource_CONFIRM
	https://www.us-cert.gov/ics/advisories/icsa-19-253-02	x_refsource_MISC