CVE-2019-10938

Summary

CVE	CVE-2019-10938
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-08-02 14:15:00 UTC
Updated	2020-10-02 14:07:00 UTC
Description	A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Siemens	6md85	-	All	All	All
Hardware	Siemens	6md85	-	All	All	All
Hardware	Siemens	6md86	-	All	All	All
Hardware	Siemens	6md86	-	All	All	All
Hardware	Siemens	6md89	-	All	All	All
Hardware	Siemens	6md89	-	All	All	All
Hardware	Siemens	7sa82	-	All	All	All
Hardware	Siemens	7sa82	-	All	All	All
Hardware	Siemens	7sa86	-	All	All	All
Hardware	Siemens	7sa86	-	All	All	All
Hardware	Siemens	7sa87	-	All	All	All
Hardware	Siemens	7sa87	-	All	All	All
Hardware	Siemens	7sd82	-	All	All	All
Hardware	Siemens	7sd82	-	All	All	All
Hardware	Siemens	7sd86	-	All	All	All
Hardware	Siemens	7sd86	-	All	All	All
Hardware	Siemens	7sd87	-	All	All	All
Hardware	Siemens	7sd87	-	All	All	All
Hardware	Siemens	7sj82	-	All	All	All
Hardware	Siemens	7sj82	-	All	All	All
Hardware	Siemens	7sj85	-	All	All	All
Hardware	Siemens	7sj85	-	All	All	All
Hardware	Siemens	7sj86	-	All	All	All
Hardware	Siemens	7sj86	-	All	All	All
Hardware	Siemens	7sk82	-	All	All	All
Hardware	Siemens	7sk82	-	All	All	All
Hardware	Siemens	7sk85	-	All	All	All
Hardware	Siemens	7sk85	-	All	All	All
Hardware	Siemens	7sl82	-	All	All	All
Hardware	Siemens	7sl82	-	All	All	All
Hardware	Siemens	7sl86	-	All	All	All
Hardware	Siemens	7sl86	-	All	All	All
Hardware	Siemens	7sl87	-	All	All	All
Hardware	Siemens	7sl87	-	All	All	All
Hardware	Siemens	7um85	-	All	All	All
Hardware	Siemens	7um85	-	All	All	All
Hardware	Siemens	7ut82	-	All	All	All
Hardware	Siemens	7ut82	-	All	All	All
Hardware	Siemens	7ut85	-	All	All	All
Hardware	Siemens	7ut85	-	All	All	All
Hardware	Siemens	7ut86	-	All	All	All
Hardware	Siemens	7ut86	-	All	All	All
Hardware	Siemens	7ut87	-	All	All	All
Hardware	Siemens	7ut87	-	All	All	All
Hardware	Siemens	7ve85	-	All	All	All
Hardware	Siemens	7ve85	-	All	All	All
Hardware	Siemens	7vk87	-	All	All	All
Hardware	Siemens	7vk87	-	All	All	All
Application	Siemens	Siprotec 5 Digsi Device Driver	All	All	All	All
Application	Siemens	Siprotec 5 Digsi Device Driver	All	All	All	All

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf	CONFIRM	cert-portal.siemens.com	Mitigation, Patch, Vendor Advisory
cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf	MISC	cert-portal.siemens.com	Mitigation, Patch, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590640 Siemens Power Meters Urgent/11 Transmission Control Protocol/Internet Protocol (TCP/IP) Stack Multiple Vulnerabilities (SSA-352504)
590641 Siemens SIPROTEC 5 Ethernet plug-in communication modules and devices Multiple Vulnerabilities (SSA-632562)