PT-2019-2671 · Siemens · SIMATIC MV400

Published: 2019-06-11 · Updated: 2021-03-15 · CVE-2019-10926

CVSS v2.0: 2.6 (Low)
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SIMATIC MV400 family versions prior to V7.0.6
Description: The issue is related to a lack of encryption in the communication between the device and the user. This allows an attacker in a privileged network position to obtain data transmitted between the device and the user. The attacker must be in a position to eavesdrop on the communication between the affected device and the user, and the user must invoke a session. Successful exploitation compromises the confidentiality of the transmitted data.
Recommendations: For SIMATIC MV400 family versions prior to V7.0.6, update to version V7.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2019-02558
CVE-2019-10926

Affected Products

SIMATIC MV400