CVE-2019-19278

🗓️ 16 Jan 2020 15:35:24Reported by siemensType

A vulnerability in SINAMICS PERFECT HARMONY GH180 Drives MLFB with option A30 and MLFB 6SR325, allows unauthenticated attacker to bypass security mechanisms with physical access

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the SINAMICS PERFECT HARMONY GH180 driver software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the device.	10 Apr 202000:00	–	bdu_fstec
CNVD	SIEMENS SINAMICS PERFECT HARMONY GH180 Access Control Vulnerability	15 Jan 202000:00	–	cnvd
CVE	CVE-2019-19278	16 Jan 202015:35	–	cve
EUVD	EUVD-2019-8902	7 Oct 202500:30	–	euvd
ICS	Siemens SINAMICS PERFECT HARMONY GH180	14 Jan 202000:00	–	ics
NVD	CVE-2019-19278	16 Jan 202016:15	–	nvd
Prion	Design/Logic Flaw	16 Jan 202016:15	–	prion
RedhatCVE	CVE-2019-19278	22 May 202508:25	–	redhatcve

[
  {
    "product": "SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR32..-.....-....\n\n MLFB 6SR4...-.....-....\n\n MLFB 6SR5...-.....-....\n\n With option A30 (HMIs 12 inches or larger)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR325.-.....-.... (High Availability)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

Source	Link
us-cert	www.us-cert.gov/ics/advisories/icsa-20-014-04
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf

21 Jan 2020 19:57Current

6.5Medium risk

Vulners AI Score6.5

EPSS0.00316

CWE-693