PT-2019-3851 · Siemens · Simatic It Uadm

Published: 2019-10-08 · Updated: 2020-10-16 · CVE-2019-13929

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SIMATIC IT UADM versions prior to V1.3

Description

The issue is related to a predictable encryption key. An authenticated remote attacker could potentially recover a password and gain read and write access to the related TeamCenter station. The attacker must have network access to port 1434/tcp of SIMATIC IT UADM. No user interaction is required for exploitation, and successful exploitation compromises the confidentiality of the targeted system.

Recommendations

For versions prior to V1.3, update to version V1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to port 1434/tcp to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Use of Insufficiently Random Values

Weakness Enumeration

Related Identifiers

BDU:2019-04214
CVE-2019-13929

Affected Products

Simatic It Uadm