var-201905-0113
Vulnerability from variot
A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46). An improperly configured Parameter Read/Write execution via Field bus network may cause the controller to restart. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SINAMICS PERFECT HARMONY GH180 is a high-voltage AC inverter manufactured by Siemens, Germany.
Access control error vulnerabilities exist in many Siemens products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0113",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinamics perfect harmony gh180 with nxg i control mlfb 6sr2",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics perfect harmony gh180 with nxg ii control mlfb 6sr2",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics perfect harmony gh180 with nxg i control mlfb 6sr4",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics perfect harmony gh180 with nxg i control mlfb 6sr3",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics perfect harmony gh180 with nxg ii control mlfb 6sr3",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics perfect harmony gh180 with nxg ii control mlfb 6sr4",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics perfect harmony gh180 with nxg i control mlfb 6sr2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics perfect harmony gh180 with nxg i control mlfb 6sr4",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics perfect harmony gh180 with nxg ii control mlfb 6sr3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics perfect harmony gh180 with nxg ii control mlfb 6sr2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics perfect harmony gh180 with nxg i control mlfb 6sr3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics perfect harmony gh180 with nxg ii control mlfb 6sr4",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-54364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004731"
},
{
"db": "NVD",
"id": "CVE-2019-6574"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr3_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr4_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr3_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr4_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004731"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-606"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6574",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6574",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-54364",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158009",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6574",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6574",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6574",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6574",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-54364",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-606",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158009",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-54364"
},
{
"db": "VULHUB",
"id": "VHN-158009"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-606"
},
{
"db": "NVD",
"id": "CVE-2019-6574"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46). An improperly configured Parameter Read/Write execution via Field bus network may cause the controller to restart. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SINAMICS PERFECT HARMONY GH180 is a high-voltage AC inverter manufactured by Siemens, Germany. \n\r\n\r\nAccess control error vulnerabilities exist in many Siemens products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6574"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004731"
},
{
"db": "CNVD",
"id": "CNVD-2021-54364"
},
{
"db": "VULHUB",
"id": "VHN-158009"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6574",
"trust": 3.1
},
{
"db": "SIEMENS",
"id": "SSA-865156",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-134-06",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004731",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-54364",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201905-606",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-134-02",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1716.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158009",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-54364"
},
{
"db": "VULHUB",
"id": "VHN-158009"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-606"
},
{
"db": "NVD",
"id": "CVE-2019-6574"
}
]
},
"id": "VAR-201905-0113",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-54364"
},
{
"db": "VULHUB",
"id": "VHN-158009"
}
],
"trust": 1.3365079333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-54364"
}
]
},
"last_update_date": "2024-11-23T21:37:16.722000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-865156",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf"
},
{
"title": "Patch for Access control error vulnerabilities in multiple Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/280971"
},
{
"title": "Siemens SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92747"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-54364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-606"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158009"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004731"
},
{
"db": "NVD",
"id": "CVE-2019-6574"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6574"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6574"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-134-06"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-134-06"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80946"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-54364"
},
{
"db": "VULHUB",
"id": "VHN-158009"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-606"
},
{
"db": "NVD",
"id": "CVE-2019-6574"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-54364"
},
{
"db": "VULHUB",
"id": "VHN-158009"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-606"
},
{
"db": "NVD",
"id": "CVE-2019-6574"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-54364"
},
{
"date": "2019-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-158009"
},
{
"date": "2019-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004731"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-606"
},
{
"date": "2019-05-14T20:29:04.263000",
"db": "NVD",
"id": "CVE-2019-6574"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-54364"
},
{
"date": "2020-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-158009"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004731"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-606"
},
{
"date": "2024-11-21T04:46:43.827000",
"db": "NVD",
"id": "CVE-2019-6574"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-606"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SINAMICS PERFECT HARMONY GH180 Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-606"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…