PT-2019-2670 · Siemens · Simatic Mv400

Published 2019-06-11 · Updated 2021-03-15 · CVE-2019-10925

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SIMATIC MV400 family versions prior to V7.0.6

Description

A vulnerability has been identified that allows an authenticated attacker to escalate privileges by sending specially crafted requests to the integrated webserver. The issue can be exploited by an attacker with network access to the device, requiring valid user credentials but no user interaction. Successful exploitation compromises the integrity and availability of the device. At the time of advisory publication, no public exploitation of this security issue was known.

Recommendations

For SIMATIC MV400 family versions prior to V7.0.6, update to version V7.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the integrated webserver to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2019-02557
CVE-2019-10925

Affected Products

Simatic Mv400