Details of VAR-201905-0113

ID

VAR-201905-0113

CVE

CVE-2019-6574

TITLE

SINAMICS PERFECT HARMONY GH180 Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004731

DESCRIPTION

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46). An improperly configured Parameter Read/Write execution via Field bus network may cause the controller to restart. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SINAMICS PERFECT HARMONY GH180 is a high-voltage AC inverter manufactured by Siemens, Germany. Access control error vulnerabilities exist in many Siemens products

Trust: 2.25

sources: NVD: CVE-2019-6574 // JVNDB: JVNDB-2019-004731 // CNVD: CNVD-2021-54364 // VULHUB: VHN-158009

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-54364

AFFECTED PRODUCTS

vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr2	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr2	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr4	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr3	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr3	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr4	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr4	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr4	scope:	eq	version:	*	Trust: 1.0

sources: CNVD: CNVD-2021-54364 // JVNDB: JVNDB-2019-004731 // NVD: CVE-2019-6574

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6574
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-6574
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-54364
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-606
value:	HIGH
Trust: 0.6
VULHUB:	VHN-158009
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6574
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-54364
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-158009
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6574
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6574
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-54364 // VULHUB: VHN-158009 // JVNDB: JVNDB-2019-004731 // CNNVD: CNNVD-201905-606 // NVD: CVE-2019-6574

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-158009 // JVNDB: JVNDB-2019-004731 // NVD: CVE-2019-6574

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-606

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201905-606

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004731

PATCH

title:	SSA-865156	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf	Trust: 0.8
title:	Patch for Access control error vulnerabilities in multiple Siemens products	url:	https://www.cnvd.org.cn/patchInfo/show/280971	Trust: 0.6
title:	Siemens SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92747	Trust: 0.6

sources: CNVD: CNVD-2021-54364 // JVNDB: JVNDB-2019-004731 // CNNVD: CNNVD-201905-606

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6574	Trust: 3.1
db:	SIEMENS	id:	SSA-865156	Trust: 2.3
db:	ICS CERT	id:	ICSA-19-134-06	Trust: 1.4
db:	JVNDB	id:	JVNDB-2019-004731	Trust: 0.8
db:	CNVD	id:	CNVD-2021-54364	Trust: 0.7
db:	CNNVD	id:	CNNVD-201905-606	Trust: 0.7
db:	ICS CERT	id:	ICSA-19-134-02	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1716.2	Trust: 0.6
db:	VULHUB	id:	VHN-158009	Trust: 0.1

sources: CNVD: CNVD-2021-54364 // VULHUB: VHN-158009 // JVNDB: JVNDB-2019-004731 // CNNVD: CNNVD-201905-606 // NVD: CVE-2019-6574

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6574	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6574	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-19-134-06	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0	Trust: 0.6
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-134-06	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80946	Trust: 0.6

sources: CNVD: CNVD-2021-54364 // VULHUB: VHN-158009 // JVNDB: JVNDB-2019-004731 // CNNVD: CNNVD-201905-606 // NVD: CVE-2019-6574

CREDITS

Siemens reported this vulnerability to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201905-606

SOURCES

db:	CNVD	id:	CNVD-2021-54364
db:	VULHUB	id:	VHN-158009
db:	JVNDB	id:	JVNDB-2019-004731
db:	CNNVD	id:	CNNVD-201905-606
db:	NVD	id:	CVE-2019-6574

LAST UPDATE DATE

2024-11-23T21:37:16.722000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-54364	date:	2021-07-24T00:00:00
db:	VULHUB	id:	VHN-158009	date:	2020-10-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-004731	date:	2019-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201905-606	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-6574	date:	2024-11-21T04:46:43.827

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-54364	date:	2021-07-24T00:00:00
db:	VULHUB	id:	VHN-158009	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-004731	date:	2019-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-606	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-6574	date:	2019-05-14T20:29:04.263