PT-2019-3851 · Siemens · Simatic It Uadm

Published: 2019-10-08 · Updated: 2020-10-16 · CVE-2019-13929

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

SIMATIC IT UADM versions prior to V1.3

Description

The issue is related to a predictable encryption key. An authenticated remote attacker could potentially recover a password and gain read and write access to the related TeamCenter station. The attacker must have network access to port 1434/tcp of SIMATIC IT UADM. No user interaction is required for exploitation, and successful exploitation compromises the confidentiality of the targeted system.

Recommendations

For versions prior to V1.3, update to version V1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to port 1434/tcp to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Use of Insufficiently Random Values

Related Identifiers

BDU:2019-04214
CVE-2019-13929

Affected Products

Simatic It Uadm