var-201906-0210
Vulnerability from variot
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. plural SCALANCE The product contains vulnerabilities related to certificate and password management.Information may be obtained. SiemensSCALANCEXswitches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). A local information disclosure vulnerability exists in SiemensSCALANCEXSwitches. Local attackers can exploit vulnerabilities to obtain sensitive information. Siemens SCALANCE X Switches are prone to an local information-disclosure vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. A trust management issue vulnerability exists in several Siemens products due to the program storing passwords in a recoverable format
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0210", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance x-200", "scope": "lt", "trust": 1.8, "vendor": "siemens", "version": "5.2.4" }, { "model": "scalance x-414-3e", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "scalance x-200irt", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x-300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x-414-3e", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x200 irt", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x300", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x-300" }, { "model": "scalance", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x-200\u003cv5.2.4" }, { "model": "scalance x-200irt", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance x-414-3e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x-3000" }, { "model": "scalance x-200irt", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x-2005.2.3" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x-2004.5" }, { "model": "scalance", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "x-2005.2.4" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x 200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x 200irt", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x 300", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x 414 3e", "version": "*" } ], "sources": [ { "db": "IVD", "id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6" }, { "db": "CNVD", "id": "CNVD-2019-17149" }, { "db": "BID", "id": "108726" }, { "db": "JVNDB", "id": "JVNDB-2019-005572" }, { "db": "NVD", "id": "CVE-2019-6567" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:siemens:scalance_x-200_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_x-414-3e_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_x200irt_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_x300_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005572" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Christopher Wade from Pen Test Partners,Siemens thanks Christopher Wade from Pen Test Partners for coordinated disclosure. Siemens reported this vulnerability to NCCIC.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-517" } ], "trust": 0.6 }, "cve": "CVE-2019-6567", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2019-6567", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2019-17149", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-158002", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-6567", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-6567", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-6567", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2019-6567", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2019-17149", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201906-517", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-158002", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "IVD", "id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6" }, { "db": "CNVD", "id": "CNVD-2019-17149" }, { "db": "VULHUB", "id": "VHN-158002" }, { "db": "JVNDB", "id": "JVNDB-2019-005572" }, { "db": "CNNVD", "id": "CNNVD-201906-517" }, { "db": "NVD", "id": "CVE-2019-6567" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions \u003c V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. plural SCALANCE The product contains vulnerabilities related to certificate and password management.Information may be obtained. SiemensSCALANCEXswitches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). A local information disclosure vulnerability exists in SiemensSCALANCEXSwitches. Local attackers can exploit vulnerabilities to obtain sensitive information. Siemens SCALANCE X Switches are prone to an local information-disclosure vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. A trust management issue vulnerability exists in several Siemens products due to the program storing passwords in a recoverable format", "sources": [ { "db": "NVD", "id": "CVE-2019-6567" }, { "db": "JVNDB", "id": "JVNDB-2019-005572" }, { "db": "CNVD", "id": "CNVD-2019-17149" }, { "db": "BID", "id": "108726" }, { "db": "IVD", "id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6" }, { "db": "VULHUB", "id": "VHN-158002" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6567", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-646841", "trust": 2.6 }, { "db": "ICS CERT", "id": "ICSA-19-162-04", "trust": 1.7 }, { "db": "BID", "id": "108726", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201906-517", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-17149", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-005572", "trust": 0.8 }, { "db": "IVD", "id": "837D970C-B3A2-4F6A-AA55-5BFC45DCB3B6", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-158002", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6" }, { "db": "CNVD", "id": "CNVD-2019-17149" }, { "db": "VULHUB", "id": "VHN-158002" }, { "db": "BID", "id": "108726" }, { "db": "JVNDB", "id": "JVNDB-2019-005572" }, { "db": "CNNVD", "id": "CNNVD-201906-517" }, { "db": "NVD", "id": "CVE-2019-6567" } ] }, "id": "VAR-201906-0210", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6" }, { "db": "CNVD", "id": "CNVD-2019-17149" }, { "db": "VULHUB", "id": "VHN-158002" } ], "trust": 1.4908257 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6" }, { "db": "CNVD", "id": "CNVD-2019-17149" } ] }, "last_update_date": "2024-11-23T23:08:24.111000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-646841", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf" }, { "title": "Patch for SiemensSCALANCEXSwitches Local Information Disclosure Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/163431" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-17149" }, { "db": "JVNDB", "id": "JVNDB-2019-005572" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-522", "trust": 1.1 }, { "problemtype": "CWE-257", "trust": 1.0 }, { "problemtype": "CWE-255", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-158002" }, { "db": "JVNDB", "id": "JVNDB-2019-005572" }, { "db": "NVD", "id": "CVE-2019-6567" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-162-04" }, { "trust": 0.9, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.9, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-162-04" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6567" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6567" }, { "trust": 0.6, "url": "https://www.securityfocus.com/bid/108726" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-162-04" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-17149" }, { "db": "VULHUB", "id": "VHN-158002" }, { "db": "BID", "id": "108726" }, { "db": "JVNDB", "id": "JVNDB-2019-005572" }, { "db": "CNNVD", "id": "CNNVD-201906-517" }, { "db": "NVD", "id": "CVE-2019-6567" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6" }, { "db": "CNVD", "id": "CNVD-2019-17149" }, { "db": "VULHUB", "id": "VHN-158002" }, { "db": "BID", "id": "108726" }, { "db": "JVNDB", "id": "JVNDB-2019-005572" }, { "db": "CNNVD", "id": "CNNVD-201906-517" }, { "db": "NVD", "id": "CVE-2019-6567" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-13T00:00:00", "db": "IVD", "id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6" }, { "date": "2019-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2019-17149" }, { "date": "2019-06-12T00:00:00", "db": "VULHUB", "id": "VHN-158002" }, { "date": "2019-06-11T00:00:00", "db": "BID", "id": "108726" }, { "date": "2019-06-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005572" }, { "date": "2019-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-517" }, { "date": "2019-06-12T14:29:04.820000", "db": "NVD", "id": "CVE-2019-6567" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2019-17149" }, { "date": "2020-10-06T00:00:00", "db": "VULHUB", "id": "VHN-158002" }, { "date": "2019-06-11T00:00:00", "db": "BID", "id": "108726" }, { "date": "2019-07-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005572" }, { "date": "2021-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-517" }, { "date": "2024-11-21T04:46:42.633000", "db": "NVD", "id": "CVE-2019-6567" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "108726" }, { "db": "CNNVD", "id": "CNNVD-201906-517" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SCALANCE X Switches Local Information Disclosure Vulnerability", "sources": [ { "db": "IVD", "id": "837d970c-b3a2-4f6a-aa55-5bfc45dcb3b6" }, { "db": "CNVD", "id": "CNVD-2019-17149" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-517" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.