CVE-2019-10927

13.08.2019, 19:15

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
siemens	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 68%

Vendor	Product	Version
siemens	scalance_xb-200_firmware	4.1
siemens	scalance_xc-200_firmware	4.1
siemens	scalance_xf-200ba_firmware	4.1
siemens	scalance_xp-200_firmware	4.1
siemens	scalance_xr-300wg_firmware	4.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-703 - Improper Check or Handling of Exceptional Conditions
The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf