Lucene search

[email protected]NVD:CVE-2019-6567

HistoryJun 12, 2019 - 2:29 p.m.

CVE-2019-6567

2019-06-1214:29:04

CWE-522

CWE-257

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

12.6%

JSON

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.

Affected configurations

Nvd

Node

siemensscalance_x-200Match-

AND

siemensscalance_x-200_firmwareRange<5.2.4

Node

siemensscalance_x-200irtMatch-

AND

siemensscalance_x-200irt_firmware

Node

siemensscalance_x-300Match-

AND

siemensscalance_x-300_firmware

Node

siemensscalance_x-414-3eMatch-

AND

siemensscalance_x-414-3e_firmware

VendorProductVersionCPE
siemensscalance_x-200-cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*
siemensscalance_x-200_firmware*cpe:2.3:o:siemens:scalance_x-200_firmware:*:*:*:*:*:*:*:*
siemensscalance_x-200irt-cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*
siemensscalance_x-200irt_firmware*cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*
siemensscalance_x-300-cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*
siemensscalance_x-300_firmware*cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*
siemensscalance_x-414-3e-cpe:2.3:h:siemens:scalance_x-414-3e:-:*:*:*:*:*:*:*
siemensscalance_x-414-3e_firmware*cpe:2.3:o:siemens:scalance_x-414-3e_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	scalance_x-200	-	cpe:2.3:h:siemens:scalance_x-200:-:::::::*
siemens	scalance_x-200_firmware	*	cpe:2.3:o:siemens:scalance_x-200_firmware::::::::
siemens	scalance_x-200irt	-	cpe:2.3:h:siemens:scalance_x-200irt:-:::::::*
siemens	scalance_x-200irt_firmware	*	cpe:2.3:o:siemens:scalance_x-200irt_firmware::::::::
siemens	scalance_x-300	-	cpe:2.3:h:siemens:scalance_x-300:-:::::::*
siemens	scalance_x-300_firmware	*	cpe:2.3:o:siemens:scalance_x-300_firmware::::::::
siemens	scalance_x-414-3e	-	cpe:2.3:h:siemens:scalance_x-414-3e:-:::::::*
siemens	scalance_x-414-3e_firmware	*	cpe:2.3:o:siemens:scalance_x-414-3e_firmware::::::::

References

cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2019-6567

pentestpartners2 cve1 cvelist1 ics1 prion1 nessus1