Details of VAR-202012-0194

ID

VAR-202012-0194

CVE

CVE-2019-19283

TITLE

Siemens XHQ information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-70933 // CNNVD: CNNVD-202012-717

DESCRIPTION

A vulnerability has been identified in XHQ (All Versions < 6.1). The application's web server could expose non-sensitive information about the server's architecture. This could allow an attacker to adapt further attacks to the version in place. XHQ Contains an information disclosure vulnerability.Information may be obtained. Siemens XHQ is a software platform that aggregates factory or pipeline operation data, and processes these data in a target-oriented manner, and then makes decisions in real time, and effectively improves factory or pipeline operation performance. Attackers can use this vulnerability to obtain sensitive information

Trust: 2.16

sources: NVD: CVE-2019-19283 // JVNDB: JVNDB-2019-016134 // CNVD: CNVD-2020-70933

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-70933

AFFECTED PRODUCTS

vendor:	siemens	model:	xhq	scope:	lt	version:	6.1.0.0	Trust: 1.0
vendor:	シーメンス	model:	xhq	scope:	eq	version:	6.1	Trust: 0.8
vendor:	シーメンス	model:	xhq	scope:	eq	version:	-	Trust: 0.8
vendor:	siemens	model:	xhq	scope:	lt	version:	6.1	Trust: 0.6

sources: CNVD: CNVD-2020-70933 // JVNDB: JVNDB-2019-016134 // NVD: CVE-2019-19283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19283
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-19283
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-70933
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202012-717
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-19283
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-70933
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-19283
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-19283
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-70933 // JVNDB: JVNDB-2019-016134 // CNNVD: CNNVD-202012-717 // NVD: CVE-2019-19283

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-016134 // NVD: CVE-2019-19283

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-717

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-717

PATCH

title:	SSA-712690	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-712690.pdf	Trust: 0.8
title:	Patch for Siemens XHQ information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/241948	Trust: 0.6
title:	Siemens XHQ Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137437	Trust: 0.6

sources: CNVD: CNVD-2020-70933 // JVNDB: JVNDB-2019-016134 // CNNVD: CNNVD-202012-717

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19283	Trust: 3.0
db:	SIEMENS	id:	SSA-712690	Trust: 1.6
db:	ICS CERT	id:	ICSA-20-343-06	Trust: 1.2
db:	JVNDB	id:	JVNDB-2019-016134	Trust: 0.8
db:	CNVD	id:	CNVD-2020-70933	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4359	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-717	Trust: 0.6

sources: CNVD: CNVD-2020-70933 // JVNDB: JVNDB-2019-016134 // CNNVD: CNNVD-202012-717 // NVD: CVE-2019-19283

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-712690.pdf	Trust: 1.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-343-06	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19283¥	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19283	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4359/	Trust: 0.6

sources: CNVD: CNVD-2020-70933 // JVNDB: JVNDB-2019-016134 // CNNVD: CNNVD-202012-717 // NVD: CVE-2019-19283

SOURCES

db:	CNVD	id:	CNVD-2020-70933
db:	JVNDB	id:	JVNDB-2019-016134
db:	CNNVD	id:	CNNVD-202012-717
db:	NVD	id:	CVE-2019-19283

LAST UPDATE DATE

2024-11-23T20:22:50.168000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-70933	date:	2020-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-016134	date:	2021-08-16T09:04:00
db:	CNNVD	id:	CNNVD-202012-717	date:	2020-12-17T00:00:00
db:	NVD	id:	CVE-2019-19283	date:	2024-11-21T04:34:29.623

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-70933	date:	2020-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-016134	date:	2021-08-16T00:00:00
db:	CNNVD	id:	CNNVD-202012-717	date:	2020-12-08T00:00:00
db:	NVD	id:	CVE-2019-19283	date:	2020-12-14T21:15:16.643