Details of VAR-201905-0116

ID

VAR-201905-0116

CVE

CVE-2019-6578

TITLE

SINAMICS PERFECT HARMONY GH180 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004732

DESCRIPTION

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28). A denial of service vulnerability exists in the affected products. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. SINAMICS PERFECT HARMONY GH180 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSINAMICSPERFECTHARMONYGH180 is a high-voltage AC inverter from Siemens, Germany. The vulnerability stems from a network system or product that does not properly validate the input data

Trust: 2.34

sources: NVD: CVE-2019-6578 // JVNDB: JVNDB-2019-004732 // CNVD: CNVD-2019-17521 // VULHUB: VHN-158013 // VULMON: CVE-2019-6578

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-17521

AFFECTED PRODUCTS

vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr4	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr4	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr2	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr3	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfb 6sr4	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr2	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr3	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfb 6sr4	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfbs 6sr2	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfbs 6sr3	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg ii control mlfbs 6sr4	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfbs 6sr2	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfbs 6sr3	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	sinamics perfect harmony gh180 with nxg i control mlfbs 6sr4	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-17521 // JVNDB: JVNDB-2019-004732 // NVD: CVE-2019-6578

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6578
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-6578
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-17521
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-608
value:	HIGH
Trust: 0.6
VULHUB:	VHN-158013
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-6578
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6578
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-17521
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-158013
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6578
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6578
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-17521 // VULHUB: VHN-158013 // VULMON: CVE-2019-6578 // JVNDB: JVNDB-2019-004732 // CNNVD: CNNVD-201905-608 // NVD: CVE-2019-6578

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-158013 // JVNDB: JVNDB-2019-004732 // NVD: CVE-2019-6578

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-608

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201905-608

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004732

PATCH

title:	SSA-606525	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf	Trust: 0.8
title:	Patches for multiple Siemens products entering verification error vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/163685	Trust: 0.6
title:	Siemens SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92749	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=0b34cf03b34e9be89167c71b247a9a44	Trust: 0.1

sources: CNVD: CNVD-2019-17521 // VULMON: CVE-2019-6578 // JVNDB: JVNDB-2019-004732 // CNNVD: CNNVD-201905-608

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6578	Trust: 3.2
db:	ICS CERT	id:	ICSA-19-134-05	Trust: 2.6
db:	SIEMENS	id:	SSA-606525	Trust: 2.4
db:	JVNDB	id:	JVNDB-2019-004732	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-608	Trust: 0.7
db:	CNVD	id:	CNVD-2019-17521	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-134-02	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1716.2	Trust: 0.6
db:	VULHUB	id:	VHN-158013	Trust: 0.1
db:	VULMON	id:	CVE-2019-6578	Trust: 0.1

sources: CNVD: CNVD-2019-17521 // VULHUB: VHN-158013 // VULMON: CVE-2019-6578 // JVNDB: JVNDB-2019-004732 // CNNVD: CNNVD-201905-608 // NVD: CVE-2019-6578

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-134-05	Trust: 2.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6578	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6578	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80946	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-17521 // VULHUB: VHN-158013 // VULMON: CVE-2019-6578 // JVNDB: JVNDB-2019-004732 // CNNVD: CNNVD-201905-608 // NVD: CVE-2019-6578

CREDITS

Siemens reported this vulnerability to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201905-608

SOURCES

db:	CNVD	id:	CNVD-2019-17521
db:	VULHUB	id:	VHN-158013
db:	VULMON	id:	CVE-2019-6578
db:	JVNDB	id:	JVNDB-2019-004732
db:	CNNVD	id:	CNNVD-201905-608
db:	NVD	id:	CVE-2019-6578

LAST UPDATE DATE

2024-11-23T21:37:16.856000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-17521	date:	2019-06-16T00:00:00
db:	VULHUB	id:	VHN-158013	date:	2020-10-06T00:00:00
db:	VULMON	id:	CVE-2019-6578	date:	2020-10-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-004732	date:	2019-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-608	date:	2020-10-28T00:00:00
db:	NVD	id:	CVE-2019-6578	date:	2024-11-21T04:46:44.410

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-17521	date:	2019-06-14T00:00:00
db:	VULHUB	id:	VHN-158013	date:	2019-05-14T00:00:00
db:	VULMON	id:	CVE-2019-6578	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-004732	date:	2019-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-608	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-6578	date:	2019-05-14T20:29:04.670