#VU20347 Improper Adherence to Coding Standards in Siemens products - CVE-2019-10927

Cybersecurity Help s.r.o.

Published: 2019-08-21

Vulnerability identifier: #VU20347

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-10927

CWE-ID: N/A

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SCALANCE SR-300WG
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP-200
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF-200BA
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC-200
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB-200
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE SC-600
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Siemens

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the software does not follow certain coding rules for development. A remote authenticated attacker with network access to Port 22/TCP of an affected device can cause a denial-of-service condition.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SCALANCE SR-300WG: 4.1

SCALANCE XP-200: 4.1

SCALANCE XF-200BA: 4.1

SCALANCE XC-200: 4.1

SCALANCE XB-200: 4.1

SCALANCE SC-600: 2.0

External links
https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper Adherence to Coding Standards in tiff (Alpine package)

Multiple vulnerabilities in Siemens SCALANCE Products