var-201910-0917
Vulnerability from variot
A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC IT UADM Contains a vulnerability related to information disclosure from the cache.Information may be obtained. Siemens SIMATIC IT Unified Architecture Discrete Manufacturing (UADM) is a set of Manufacturing Execution System (MES) solutions from Siemens, Germany.
A password storage vulnerability exists in Siemens SIMATIC IT UADM
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0917",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic it uadm",
"scope": "lt",
"trust": 2.4,
"vendor": "siemens",
"version": "1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic it uadm",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_it_uadm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
}
]
},
"cve": "CVE-2019-13929",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-13929",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-34596",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-13929",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13929",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13929",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-13929",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-34596",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-417",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-13929",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC IT UADM (All versions \u003c V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC IT UADM Contains a vulnerability related to information disclosure from the cache.Information may be obtained. Siemens SIMATIC IT Unified Architecture Discrete Manufacturing (UADM) is a set of Manufacturing Execution System (MES) solutions from Siemens, Germany. \n\nA password storage vulnerability exists in Siemens SIMATIC IT UADM",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13929",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-984700",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-281-04",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2019-34596",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.3779",
"trust": 0.6
},
{
"db": "IVD",
"id": "2B632D60-B3F0-452D-A02A-CA327AEF1C0B",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-13929",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
}
]
},
"id": "VAR-201910-0917",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
}
],
"trust": 1.4666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
}
]
},
"last_update_date": "2024-11-23T22:48:13.514000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-984700",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf"
},
{
"title": "Patch for Siemens SIMATIC IT UADM password storage vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/184349"
},
{
"title": "Siemens SIMATIC IT Unified Architecture Discrete Manufacturing Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99084"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=218cc8b0370afec50119bc253e2d9c78"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.0
},
{
"problemtype": "CWE-321",
"trust": 1.0
},
{
"problemtype": "CWE-522",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13929"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-281-04"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13929"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3779/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-it-uadm-privilege-escalation-via-password-recovery-30561"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110371"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
},
{
"db": "NVD",
"id": "CVE-2019-13929"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"date": "2019-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-417"
},
{
"date": "2019-10-10T14:15:14.860000",
"db": "NVD",
"id": "CVE-2019-13929"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34596"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13929"
},
{
"date": "2019-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010607"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-417"
},
{
"date": "2024-11-21T04:25:43.067000",
"db": "NVD",
"id": "CVE-2019-13929"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC IT UADM Password storage vulnerability",
"sources": [
{
"db": "IVD",
"id": "2b632d60-b3f0-452d-a02a-ca327aef1c0b"
},
{
"db": "CNVD",
"id": "CNVD-2019-34596"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-417"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…