PT-2019-4791 · Siemens · Scalance Sc-600

Published: 2019-08-13 · Updated: 2020-10-02 · CVE-2019-10928

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SCALANCE SC-600 version V2.0

Description

A vulnerability has been identified that allows an authenticated attacker with physical access to the device and access to port 22/tcp to execute arbitrary commands. The vulnerability can be exploited without user interaction and impacts the confidentiality, integrity, and availability of the device. It is related to incorrect handling of exceptional states, which may allow an attacker to execute arbitrary code.

Recommendations

For SCALANCE SC-600 version V2.0, consider restricting physical access to the device and limiting access to port 22/tcp to minimize the risk of exploitation. As a temporary workaround, consider disabling access to the device until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2020-01369
CVE-2019-10928

Affected Products

Scalance Sc-600