Sign-up

ID

VAR-201906-0203


CVE

CVE-2019-6571


TITLE

SIEMENS LOGO!8 Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005571

DESCRIPTION

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). An attacker with network access to port 10005/tcp of the LOGO! device could cause a Denial-of-Service condition by sending specially crafted packets. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. SIEMENS LOGO!8 Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. LOGO!8 is the 8th generation intelligent logic controller of Siemens. It is the NanoPLC in the Siemens PLC family. It simplifies the programming configuration, the integrated panel can display more content, and can be easily integrated efficiently through the integrated Ethernet interface. interconnected. A buffer error vulnerability exists in SiemensLOGO!8. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. Siemens LOGO!8 Devices are prone to multiple security vulnerabilities

Trust: 2.7

sources: NVD: CVE-2019-6571 // JVNDB: JVNDB-2019-005571 // CNVD: CNVD-2019-17151 // BID: 108728 // IVD: c64b4706-2fde-4842-9ded-b92b3cdef24b // VULHUB: VHN-158006

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: c64b4706-2fde-4842-9ded-b92b3cdef24b // CNVD: CNVD-2019-17151

AFFECTED PRODUCTS

vendor:siemensmodel:logo\!8scope:lteversion:1.81.00

Trust: 1.0

vendor:siemensmodel:logo\!8scope:gteversion:1.80.00

Trust: 1.0

vendor:siemensmodel:logo\!8scope:ltversion:1.82.00

Trust: 1.0

vendor:siemensmodel:logo!8scope:eqversion:1.82.01

Trust: 0.9

vendor:siemensmodel:6ed1052-1cc08-0ba0scope: - version: -

Trust: 0.8

vendor:siemensmodel:6ed1052-1fb08-0ba0scope: - version: -

Trust: 0.8

vendor:siemensmodel:6ed1052-1hb08-0ba0scope: - version: -

Trust: 0.8

vendor:siemensmodel:6ed1052-1md08-0ba0scope: - version: -

Trust: 0.8

vendor:siemensmodel:6ed1052-2cc08-0ba0scope: - version: -

Trust: 0.8

vendor:siemensmodel:6ed1052-2fb00-0ba8scope: - version: -

Trust: 0.8

vendor:siemensmodel:6ed1052-2fb08-0ba0scope: - version: -

Trust: 0.8

vendor:siemensmodel:6ed1052-2hb08-0ba0scope: - version: -

Trust: 0.8

vendor:siemensmodel:6ed1052-2md00-0ba8scope: - version: -

Trust: 0.8

vendor:siemensmodel:6ed1052-2md08-0ba0scope: - version: -

Trust: 0.8

vendor:6ed1052 1fb00 0ba8model: - scope:eqversion:1.80.xx

Trust: 0.4

vendor:6ed1052 1fb00 0ba8model: - scope:eqversion:1.81.xx

Trust: 0.4

vendor:6ed1052 2md00 0ba8model: - scope:eqversion:1.80.xx

Trust: 0.4

vendor:6ed1052 2md00 0ba8model: - scope:eqversion:1.81.xx

Trust: 0.4

vendor:siemensmodel:logo!8scope:neversion:1.82.02

Trust: 0.3

vendor:6ed1052 1cc08 0ba0model: - scope:eqversion:*

Trust: 0.2

vendor:6ed1052 2fb00 0ba8model: - scope:eqversion:1.80.xx

Trust: 0.2

vendor:6ed1052 2fb00 0ba8model: - scope:eqversion:1.81.xx

Trust: 0.2

vendor:6ed1052 2hb00 0ba8model: - scope:eqversion:1.80.xx

Trust: 0.2

vendor:6ed1052 2hb00 0ba8model: - scope:eqversion:1.81.xx

Trust: 0.2

vendor:6ed1052 1md00 0ba8model: - scope:eqversion:1.80.xx

Trust: 0.2

vendor:6ed1052 1md00 0ba8model: - scope:eqversion:1.81.xx

Trust: 0.2

vendor:6ed1052 2cc01 0ba8model: - scope:eqversion:1.80.xx

Trust: 0.2

vendor:6ed1052 2cc01 0ba8model: - scope:eqversion:1.81.xx

Trust: 0.2

vendor:6ed1052 1cc01 0ba8model: - scope:eqversion:1.80.xx

Trust: 0.2

vendor:6ed1052 1cc01 0ba8model: - scope:eqversion:1.81.xx

Trust: 0.2

vendor:6ed1052 1hb00 0ba8model: - scope:eqversion:1.80.xx

Trust: 0.2

vendor:6ed1052 1hb00 0ba8model: - scope:eqversion:1.81.xx

Trust: 0.2

vendor:6ed1052 1fb08 0ba0model: - scope:eqversion:*

Trust: 0.2

vendor:6ed1052 1hb08 0ba0model: - scope:eqversion:*

Trust: 0.2

vendor:6ed1052 1md08 0ba0model: - scope:eqversion:*

Trust: 0.2

vendor:6ed1052 2cc08 0ba0model: - scope:eqversion:*

Trust: 0.2

vendor:6ed1052 2fb08 0ba0model: - scope:eqversion:*

Trust: 0.2

vendor:6ed1052 2hb08 0ba0model: - scope:eqversion:*

Trust: 0.2

vendor:6ed1052 2md08 0ba0model: - scope:eqversion:*

Trust: 0.2

sources: IVD: c64b4706-2fde-4842-9ded-b92b3cdef24b // CNVD: CNVD-2019-17151 // BID: 108728 // JVNDB: JVNDB-2019-005571 // NVD: CVE-2019-6571

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6571
value: HIGH

Trust: 1.0

NVD: CVE-2019-6571
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-17151
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-521
value: HIGH

Trust: 0.6

IVD: c64b4706-2fde-4842-9ded-b92b3cdef24b
value: HIGH

Trust: 0.2

VULHUB: VHN-158006
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6571
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-17151
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: c64b4706-2fde-4842-9ded-b92b3cdef24b
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-158006
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6571
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6571
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: c64b4706-2fde-4842-9ded-b92b3cdef24b // CNVD: CNVD-2019-17151 // VULHUB: VHN-158006 // JVNDB: JVNDB-2019-005571 // CNNVD: CNNVD-201906-521 // NVD: CVE-2019-6571

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-158006 // JVNDB: JVNDB-2019-005571 // NVD: CVE-2019-6571

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-521

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-521

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005571

PATCH
title:SSA-774850url:https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf
Trust: 0.8
title:Patch for SiemensLOGO!8 Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/163433
Trust: 0.6
title:Siemens LOGO!8 Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93755
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-17151 // 
            
            
            
            JVNDB: JVNDB-2019-005571 // 
            
            
            
            CNNVD: CNNVD-201906-521

EXTERNAL IDS
db:NVDid:CVE-2019-6571
Trust: 3.6
db:SIEMENSid:SSA-774850
Trust: 2.3
db:ICS CERTid:ICSA-19-162-03
Trust: 1.7
db:CNNVDid:CNNVD-201906-521
Trust: 0.9
db:BIDid:108728
Trust: 0.9
db:CNVDid:CNVD-2019-17151
Trust: 0.8
db:JVNDBid:JVNDB-2019-005571
Trust: 0.8
db:IVDid:C64B4706-2FDE-4842-9DED-B92B3CDEF24B
Trust: 0.2
db:VULHUBid:VHN-158006
Trust: 0.1
sources:
            
            
            IVD: c64b4706-2fde-4842-9ded-b92b3cdef24b // 
            
            
            
            CNVD: CNVD-2019-17151 // 
            
            
            
            VULHUB: VHN-158006 // 
            
            
            
            BID: 108728 // 
            
            
            
            JVNDB: JVNDB-2019-005571 // 
            
            
            
            CNNVD: CNNVD-201906-521 // 
            
            
            
            NVD: CVE-2019-6571

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf
Trust: 2.3
url:http://www.siemens.com/
Trust: 0.9
url:https://ics-cert.us-cert.gov/advisories/icsa-19-162-03
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6571
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-19-162-03
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-6571
Trust: 0.8
url:https://www.securityfocus.com/bid/108728
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-17151 // 
            
            
            
            VULHUB: VHN-158006 // 
            
            
            
            BID: 108728 // 
            
            
            
            JVNDB: JVNDB-2019-005571 // 
            
            
            
            CNNVD: CNNVD-201906-521 // 
            
            
            
            NVD: CVE-2019-6571

CREDITS
and Christian Siemers and Irakli Edjibia from Hochschule Augsburg reported these vulnerabilities to Siemens., and Christian Siemers and Irakli Edjibia from Hochschule Augsburg,Thomas Meesters from cirosec GmbH and Ruhr University of Bochum
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201906-521

SOURCES
db:IVDid:c64b4706-2fde-4842-9ded-b92b3cdef24b
db:CNVDid:CNVD-2019-17151
db:VULHUBid:VHN-158006
db:BIDid:108728
db:JVNDBid:JVNDB-2019-005571
db:CNNVDid:CNNVD-201906-521
db:NVDid:CVE-2019-6571

LAST UPDATE DATE
2024-11-23T22:51:44.674000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-17151date:2019-06-13T00:00:00
db:VULHUBid:VHN-158006date:2020-09-29T00:00:00
db:BIDid:108728date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005571date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201906-521date:2020-10-28T00:00:00
db:NVDid:CVE-2019-6571date:2024-11-21T04:46:43.530

SOURCES RELEASE DATE
db:IVDid:c64b4706-2fde-4842-9ded-b92b3cdef24bdate:2019-06-13T00:00:00
db:CNVDid:CNVD-2019-17151date:2019-06-13T00:00:00
db:VULHUBid:VHN-158006date:2019-06-12T00:00:00
db:BIDid:108728date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005571date:2019-06-24T00:00:00
db:CNNVDid:CNNVD-201906-521date:2019-06-11T00:00:00
db:NVDid:CVE-2019-6571date:2019-06-12T14:29:05.820