ID

VAR-202001-1850


CVE

CVE-2019-19278


TITLE

SIEMENS SINAMICS PERFECT HARMONY GH180 Access control vulnerability

Trust: 0.8

sources: IVD: 936730ad-1b74-41aa-8d0e-7492e2d69400 // CNVD: CNVD-2020-02222

DESCRIPTION

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-...., MLFB 6SR4...-.....-...., MLFB 6SR5...-.....-.... with option A30 (HMIs 12 inches or larger) (All versions), and SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore the affected device to a point where predefined application and operating system protection mechanisms are not in place. Successful exploitation requires physical access to the system, but no system privileges and no user interaction. An attacker could use the vulnerability to compromise the confidentiality, integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. Multiple SINAMICS PERFECT HARMONY GH180 devices contain an input validation vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. The SINAMICS Perfect Harmony GH180 medium voltage inverter series is used to control medium voltage inverters or inverters in various applications. This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Trust: 2.43

sources: NVD: CVE-2019-19278 // JVNDB: JVNDB-2019-014227 // CNVD: CNVD-2020-02222 // IVD: 936730ad-1b74-41aa-8d0e-7492e2d69400 // VULMON: CVE-2019-19278

IOT TAXONOMY

category: ['ICS', 'Network device'] | sub_category: -

Trust: 0.6

category: ['ICS'] | sub_category: -

Trust: 0.2

sources: IVD: 936730ad-1b74-41aa-8d0e-7492e2d69400 // CNVD: CNVD-2020-02222

AFFECTED PRODUCTS

vendor: siemens | model: sinamics perfect harmony gh180 | scope: eq | version: *

Trust: 1.2

vendor: siemens | model: sinamics perfect harmony gh180 mlfb 6sr32 | scope: - | version: -

Trust: 0.8

vendor: siemens | model: sinamics perfect harmony gh180 mlfb 6sr325 | scope: - | version: -

Trust: 0.8

vendor: siemens | model: sinamics perfect harmony gh180 mlfb 6sr4 | scope: - | version: -

Trust: 0.8

vendor: siemens | model: sinamics perfect harmony gh180 mlfb 6sr5 | scope: - | version: -

Trust: 0.8

vendor: siemens | model: sinamics perfect harmony gh180 | scope: - | version: -

Trust: 0.6

sources: IVD: 936730ad-1b74-41aa-8d0e-7492e2d69400 // CNVD: CNVD-2020-02222 // JVNDB: JVNDB-2019-014227 // NVD: CVE-2019-19278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19278
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-19278
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-02222
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-528
value: MEDIUM

Trust: 0.6

IVD: 936730ad-1b74-41aa-8d0e-7492e2d69400
value: HIGH

Trust: 0.2

VULMON: CVE-2019-19278
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-19278
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-02222
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 936730ad-1b74-41aa-8d0e-7492e2d69400
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-19278
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-19278
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 936730ad-1b74-41aa-8d0e-7492e2d69400 // CNVD: CNVD-2020-02222 // VULMON: CVE-2019-19278 // JVNDB: JVNDB-2019-014227 // CNNVD: CNNVD-202001-528 // NVD: CVE-2019-19278

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.0

problemtype:CWE-693

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-014227 // NVD: CVE-2019-19278

TYPE

race condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202001-528

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014227

PATCH

title: SSA-242353 | url: https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf

Trust: 0.8

title: Patch for SIEMENS SINAMICS PERFECT HARMONY GH180 Access Control Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/197085

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory | url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=86ab7ccf6eeb691651f866fb0f79931b

Trust: 0.1

sources: CNVD: CNVD-2020-02222 // VULMON: CVE-2019-19278 // JVNDB: JVNDB-2019-014227

EXTERNAL IDS

db: NVD | id: CVE-2019-19278

Trust: 3.3

db: ICS CERT | id: ICSA-20-014-04

Trust: 2.5

db: SIEMENS | id: SSA-242353

Trust: 2.3

db: CNVD | id: CNVD-2020-02222

Trust: 0.8

db: CNNVD | id: CNNVD-202001-528

Trust: 0.8

db: JVNDB | id: JVNDB-2019-014227

Trust: 0.8

db: AUSCERT | id: ESB-2020.0159

Trust: 0.6

db: IVD | id: 936730AD-1B74-41AA-8D0E-7492E2D69400

Trust: 0.2

db: VULMON | id: CVE-2019-19278

Trust: 0.1

sources: IVD: 936730ad-1b74-41aa-8d0e-7492e2d69400 // CNVD: CNVD-2020-02222 // VULMON: CVE-2019-19278 // JVNDB: JVNDB-2019-014227 // CNNVD: CNNVD-202001-528 // NVD: CVE-2019-19278

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-014-04

Trust: 2.5

url:https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19278

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19278

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0159/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/362.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-242353.txt

Trust: 0.1

sources: CNVD: CNVD-2020-02222 // VULMON: CVE-2019-19278 // JVNDB: JVNDB-2019-014227 // CNNVD: CNNVD-202001-528 // NVD: CVE-2019-19278

SOURCES

db: IVD | id: 936730ad-1b74-41aa-8d0e-7492e2d69400
db: CNVD | id: CNVD-2020-02222
db: VULMON | id: CVE-2019-19278
db: JVNDB | id: JVNDB-2019-014227
db: CNNVD | id: CNNVD-202001-528
db: NVD | id: CVE-2019-19278

LAST UPDATE DATE

2024-11-23T21:36:12.377000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2020-02222 | date: 2020-01-15T00:00:00
db: VULMON | id: CVE-2019-19278 | date: 2021-11-03T00:00:00
db: JVNDB | id: JVNDB-2019-014227 | date: 2020-02-06T00:00:00
db: CNNVD | id: CNNVD-202001-528 | date: 2021-11-04T00:00:00
db: NVD | id: CVE-2019-19278 | date: 2024-11-21T04:34:29.100

SOURCES RELEASE DATE

db: IVD | id: 936730ad-1b74-41aa-8d0e-7492e2d69400 | date: 2020-01-14T00:00:00
db: CNVD | id: CNVD-2020-02222 | date: 2020-01-15T00:00:00
db: VULMON | id: CVE-2019-19278 | date: 2020-01-16T00:00:00
db: JVNDB | id: JVNDB-2019-014227 | date: 2020-02-06T00:00:00
db: CNNVD | id: CNNVD-202001-528 | date: 2020-01-14T00:00:00
db: NVD | id: CVE-2019-19278 | date: 2020-01-16T16:15:17.043