PT-2020-9159 · Siemens · Tim 3V-Ie+4

Published 2020-04-14 · Updated 2020-10-05 · CVE-2019-10939

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TIM 3V-IE (incl. SIPLUS NET variants) versions prior to V2.8
TIM 3V-IE Advanced (incl. SIPLUS NET variants) versions prior to V2.8
TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions prior to V3.3
TIM 4R-IE (incl. SIPLUS NET variants) versions prior to V2.8
TIM 4R-IE DNP3 (incl. SIPLUS NET variants) versions prior to V3.3

Description

A vulnerability has been identified in the affected devices: they contain an open debug port that is available under certain specific conditions. The debug port is exposed only if the device's IP address is configured to 192.168.1.2. If it is available, an attacker with network access to the device could exploit it. No user interaction is required to exploit this issue. The issue impacts the confidentiality, integrity, and availability of the affected device. At the time this security advisory was published, no public exploitation was known.

Recommendations

For TIM 3V-IE (incl. SIPLUS NET variants) versions prior to V2.8, update to version V2.8 or later.
For TIM 3V-IE Advanced (incl. SIPLUS NET variants) versions prior to V2.8, update to version V2.8 or later.
For TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions prior to V3.3, update to version V3.3 or later.
For TIM 4R-IE (incl. SIPLUS NET variants) versions prior to V2.8, update to version V2.8 or later.
For TIM 4R-IE DNP3 (incl. SIPLUS NET variants) versions prior to V3.3, update to version V3.3 or later.

As a temporary workaround, consider restricting network access to the device when the IP address is configured to 192.168.1.2.

Fix

Weakness Enumeration

Related Identifiers

CVE-2019-10939

Affected Products

Tim 3V-Ie
Tim 3V-Ie Advanced
Tim 3V-Ie Dnp3
Tim 4R-Ie
Tim 4R-Ie Dnp3