ID

VAR-201912-1181


CVE

CVE-2019-13932


TITLE

Siemens XHQ Input validation error vulnerability

Trust: 0.8

sources: IVD: f4d8781a-9c51-400d-8059-5ac25ab37f05 // CNVD: CNVD-2019-46388

DESCRIPTION

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. XHQ contains an input validation vulnerability. Information may be obtained and information may be altered. Siemens XHQ production and operation intelligence is Siemens Energy's flagship solution, which is widely deployed in the world's largest oil and gas and chemical companies.

Trust: 2.34

sources: NVD: CVE-2019-13932 // JVNDB: JVNDB-2019-013309 // CNVD: CNVD-2019-46388 // IVD: f4d8781a-9c51-400d-8059-5ac25ab37f05

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: f4d8781a-9c51-400d-8059-5ac25ab37f05 // CNVD: CNVD-2019-46388

AFFECTED PRODUCTS

vendor: siemens | model: xhq | scope: lt | version: 6.0.0.2

Trust: 1.8

vendor: siemens | model: xhq | scope: lt | version: v6.0.0.2

Trust: 0.6

vendor: siemens | model: xhq | scope: eq | version: -

Trust: 0.6

vendor: siemens | model: xhq | scope: eq | version: 6.0.0.0

Trust: 0.6

vendor: xhq | model: - | scope: eq | version: *

Trust: 0.2

sources: IVD: f4d8781a-9c51-400d-8059-5ac25ab37f05 // CNVD: CNVD-2019-46388 // JVNDB: JVNDB-2019-013309 // CNNVD: CNNVD-201912-416 // NVD: CVE-2019-13932

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13932
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-13932
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-46388
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-416
value: CRITICAL

Trust: 0.6

IVD: f4d8781a-9c51-400d-8059-5ac25ab37f05
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-13932
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-46388
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f4d8781a-9c51-400d-8059-5ac25ab37f05
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13932
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-13932
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: f4d8781a-9c51-400d-8059-5ac25ab37f05 // CNVD: CNVD-2019-46388 // JVNDB: JVNDB-2019-013309 // CNNVD: CNNVD-201912-416 // NVD: CVE-2019-13932

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-013309 // NVD: CVE-2019-13932

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-416

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-416

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013309

PATCH

title: SSA-525454 | url: https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf

Trust: 0.8

title: Patch for Siemens XHQ Input Validation Error Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/194811

Trust: 0.6

title: Siemens XHQ Operations Intelligence Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105470

Trust: 0.6

sources: CNVD: CNVD-2019-46388 // JVNDB: JVNDB-2019-013309 // CNNVD: CNNVD-201912-416

EXTERNAL IDS

db: NVD | id: CVE-2019-13932

Trust: 3.2

db: SIEMENS | id: SSA-525454

Trust: 1.6

db: ICS CERT | id: ICSA-19-344-05

Trust: 1.2

db: CNVD | id: CNVD-2019-46388

Trust: 0.8

db: CNNVD | id: CNNVD-201912-416

Trust: 0.8

db: JVNDB | id: JVNDB-2019-013309

Trust: 0.8

db: AUSCERT | id: ESB-2019.4622

Trust: 0.6

db: IVD | id: F4D8781A-9C51-400D-8059-5AC25AB37F05

Trust: 0.2

sources: IVD: f4d8781a-9c51-400d-8059-5ac25ab37f05 // CNVD: CNVD-2019-46388 // JVNDB: JVNDB-2019-013309 // CNNVD: CNNVD-201912-416 // NVD: CVE-2019-13932

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-13932

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-19-344-05

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13932

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.4622/

Trust: 0.6

sources: CNVD: CNVD-2019-46388 // JVNDB: JVNDB-2019-013309 // CNNVD: CNNVD-201912-416 // NVD: CVE-2019-13932

SOURCES

db: IVD | id: f4d8781a-9c51-400d-8059-5ac25ab37f05
db: CNVD | id: CNVD-2019-46388
db: JVNDB | id: JVNDB-2019-013309
db: CNNVD | id: CNNVD-201912-416
db: NVD | id: CVE-2019-13932

LAST UPDATE DATE

2024-11-23T21:59:33.396000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2019-46388 | date: 2019-12-20T00:00:00
db: JVNDB | id: JVNDB-2019-013309 | date: 2019-12-25T00:00:00
db: CNNVD | id: CNNVD-201912-416 | date: 2019-12-27T00:00:00
db: NVD | id: CVE-2019-13932 | date: 2024-11-21T04:25:43.427

SOURCES RELEASE DATE

db: IVD | id: f4d8781a-9c51-400d-8059-5ac25ab37f05 | date: 2019-12-20T00:00:00
db: CNVD | id: CNVD-2019-46388 | date: 2019-12-20T00:00:00
db: JVNDB | id: JVNDB-2019-013309 | date: 2019-12-25T00:00:00
db: CNNVD | id: CNNVD-201912-416 | date: 2019-12-10T00:00:00
db: NVD | id: CVE-2019-13932 | date: 2019-12-12T19:15:14.920