Details of VAR-201910-0917

ID

VAR-201910-0917

CVE

CVE-2019-13929

TITLE

Siemens SIMATIC IT UADM Password storage vulnerability

Trust: 0.8

sources: IVD: 2b632d60-b3f0-452d-a02a-ca327aef1c0b // CNVD: CNVD-2019-34596

DESCRIPTION

A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC IT UADM Contains a vulnerability related to information disclosure from the cache.Information may be obtained. Siemens SIMATIC IT Unified Architecture Discrete Manufacturing (UADM) is a set of Manufacturing Execution System (MES) solutions from Siemens, Germany. A password storage vulnerability exists in Siemens SIMATIC IT UADM

Trust: 2.43

sources: NVD: CVE-2019-13929 // JVNDB: JVNDB-2019-010607 // CNVD: CNVD-2019-34596 // IVD: 2b632d60-b3f0-452d-a02a-ca327aef1c0b // VULMON: CVE-2019-13929

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 2b632d60-b3f0-452d-a02a-ca327aef1c0b // CNVD: CNVD-2019-34596

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic it uadm	scope:	lt	version:	1.3	Trust: 2.4
vendor:	simatic it uadm	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 2b632d60-b3f0-452d-a02a-ca327aef1c0b // CNVD: CNVD-2019-34596 // JVNDB: JVNDB-2019-010607 // NVD: CVE-2019-13929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13929
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-13929
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-34596
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201910-417
value:	MEDIUM
Trust: 0.6
IVD:	2b632d60-b3f0-452d-a02a-ca327aef1c0b
value:	MEDIUM
Trust: 0.2
VULMON:	CVE-2019-13929
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-13929
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-34596
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	2b632d60-b3f0-452d-a02a-ca327aef1c0b
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-13929
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-13929
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 2b632d60-b3f0-452d-a02a-ca327aef1c0b // CNVD: CNVD-2019-34596 // VULMON: CVE-2019-13929 // JVNDB: JVNDB-2019-010607 // CNNVD: CNNVD-201910-417 // NVD: CVE-2019-13929

PROBLEMTYPE DATA

problemtype:	CWE-330	Trust: 1.0
problemtype:	CWE-321	Trust: 1.0
problemtype:	CWE-522	Trust: 0.8

sources: JVNDB: JVNDB-2019-010607 // NVD: CVE-2019-13929

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-417

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201910-417

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010607

PATCH

title:	SSA-984700	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC IT UADM password storage vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/184349	Trust: 0.6
title:	Siemens SIMATIC IT Unified Architecture Discrete Manufacturing Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99084	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=218cc8b0370afec50119bc253e2d9c78	Trust: 0.1

sources: CNVD: CNVD-2019-34596 // VULMON: CVE-2019-13929 // JVNDB: JVNDB-2019-010607 // CNNVD: CNNVD-201910-417

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13929	Trust: 3.3
db:	SIEMENS	id:	SSA-984700	Trust: 2.3
db:	ICS CERT	id:	ICSA-19-281-04	Trust: 1.4
db:	CNVD	id:	CNVD-2019-34596	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-417	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-010607	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.3779	Trust: 0.6
db:	IVD	id:	2B632D60-B3F0-452D-A02A-CA327AEF1C0B	Trust: 0.2
db:	VULMON	id:	CVE-2019-13929	Trust: 0.1

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13929	Trust: 2.0
url:	https://www.us-cert.gov/ics/advisories/icsa-19-281-04	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13929	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.3779/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/simatic-it-uadm-privilege-escalation-via-password-recovery-30561	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/330.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110371	Trust: 0.1

sources: CNVD: CNVD-2019-34596 // VULMON: CVE-2019-13929 // JVNDB: JVNDB-2019-010607 // CNNVD: CNNVD-201910-417 // NVD: CVE-2019-13929

SOURCES

db:	IVD	id:	2b632d60-b3f0-452d-a02a-ca327aef1c0b
db:	CNVD	id:	CNVD-2019-34596
db:	VULMON	id:	CVE-2019-13929
db:	JVNDB	id:	JVNDB-2019-010607
db:	CNNVD	id:	CNNVD-201910-417
db:	NVD	id:	CVE-2019-13929

LAST UPDATE DATE

2024-11-23T22:48:13.514000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-34596	date:	2019-10-11T00:00:00
db:	VULMON	id:	CVE-2019-13929	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-010607	date:	2019-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201910-417	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2019-13929	date:	2024-11-21T04:25:43.067

SOURCES RELEASE DATE

db:	IVD	id:	2b632d60-b3f0-452d-a02a-ca327aef1c0b	date:	2019-10-11T00:00:00
db:	CNVD	id:	CNVD-2019-34596	date:	2019-10-11T00:00:00
db:	VULMON	id:	CVE-2019-13929	date:	2019-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-010607	date:	2019-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201910-417	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2019-13929	date:	2019-10-10T14:15:14.860