Lucene search

[email protected]CVE-2019-6578

HistoryMay 14, 2019 - 8:29 p.m.

CVE-2019-6578

2019-05-1420:29:04

CWE-400

[email protected]

web.nvd.nist.gov

sinamics perfect harmony

gh180

nxg

mlfb

denial of service

vulnerability

nvd

cve-2019-6578

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

44.6%

JSON

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2…-, 6SR3…-, 6SR4…- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2…-, 6SR3…-, 6SR4…- (All Versions with option G28). A denial of service vulnerability exists in the affected products. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected configurations

NVD

Node

siemenssinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr2_firmware

AND

siemenssinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr2Match-

Node

siemenssinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr3_firmware

AND

siemenssinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr3Match-

Node

siemenssinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr4_firmware

AND

siemenssinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr4Match-

Node

siemenssinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr2_firmware

AND

siemenssinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr2Match-

Node

siemenssinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr3_firmware

AND

siemenssinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr3Match-

Node

siemenssinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr4_firmware

AND

siemenssinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr4Match-

CPENameOperatorVersion
siemens:sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr2_firmwaresiemens sinamics perfect harmony gh180 with nxg i control mlfb 6sr2 firmwareeq*

CPE	Name	Operator	Version
siemens:sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr2_firmware	siemens sinamics perfect harmony gh180 with nxg i control mlfb 6sr2 firmware	eq	*

CNA Affected

[
  {
    "product": "SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions with option G28"
      }
    ]
  },
  {
    "product": "SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions with option G28"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf

ics-cert.us-cert.gov/advisories/ICSA-19-134-05

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

44.6%

JSON

Related for CVE-2019-6578

nvd1 prion1 cvelist1 ics1