PT-2019-2671 · Siemens · Simatic Mv400

Publicado

2019-06-11

Atualizado

2021-03-15

CVE-2019-10926

CVSS v2.0

2.6

Baixa

Vetor

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SIMATIC MV400 family versions prior to V7.0.6

Description The issue is related to a lack of encryption in the communication between the device and the user. This allows an attacker in a privileged network position to obtain data transmitted between the device and the user. The attacker must be in a position to eavesdrop on the communication between the affected device and the user, and the user must invoke a session. Successful exploitation compromises the confidentiality of the transmitted data.

Recommendations For SIMATIC MV400 family versions prior to V7.0.6, update to version V7.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319CWE-310

Identificadores relacionados

BDU:2019-02558

CVE-2019-10926

Produtos afetados

Simatic Mv400

PT-2019-2671 · Siemens · Simatic Mv400

CVE-2019-10926

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5