ID

VAR-202012-0196


CVE

CVE-2019-19286


TITLE

Siemens XHQ SQL injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-70930 // CNNVD: CNNVD-202012-713

DESCRIPTION

A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages. XHQ contains an SQL injection vulnerability. As a result, information may be obtained or tampered with, and a denial-of-service (DoS) condition may occur. Siemens XHQ is a software platform that aggregates factory or pipeline operation data, processes the data in a target-oriented manner, and then makes decisions in real time, effectively improving factory or pipeline operation performance. Versions of Siemens XHQ prior to 6.1 have a SQL injection vulnerability.

Trust: 2.16

sources: NVD: CVE-2019-19286 // JVNDB: JVNDB-2019-016137 // CNVD: CNVD-2020-70930

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-70930

AFFECTED PRODUCTS

vendor: siemens, model: xhq, scope: lt, version: 6.1.0.0

Trust: 1.0

vendor: Siemens, model: xhq, scope: eq, version: 6.1

Trust: 0.8

vendor: Siemens, model: xhq, scope: eq, version: -

Trust: 0.8

vendor: siemens, model: xhq, scope: lt, version: 6.1

Trust: 0.6

sources: CNVD: CNVD-2020-70930 // JVNDB: JVNDB-2019-016137 // NVD: CVE-2019-19286

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-19286
value: HIGH

Trust: 1.0

NVD: CVE-2019-19286
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-70930
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202012-713
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-19286
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-70930
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2019-19286
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-19286
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-70930 // JVNDB: JVNDB-2019-016137 // CNNVD: CNNVD-202012-713 // NVD: CVE-2019-19286

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

problemtype: SQL injection (CWE-89) [Other]

Trust: 0.8

sources: JVNDB: JVNDB-2019-016137 // NVD: CVE-2019-19286

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-713

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202012-713

PATCH

title: SSA-712690, url: https://cert-portal.siemens.com/productcert/pdf/ssa-712690.pdf

Trust: 0.8

title: Patch for Siemens XHQ SQL injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/241957

Trust: 0.6

title: Siemens XHQ SQL Repair measures for injecting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137256

Trust: 0.6

sources: CNVD: CNVD-2020-70930 // JVNDB: JVNDB-2019-016137 // CNNVD: CNNVD-202012-713

EXTERNAL IDS

db: NVD, id: CVE-2019-19286

Trust: 3.0

db: SIEMENS, id: SSA-712690

Trust: 1.6

db: ICS CERT, id: ICSA-20-343-06

Trust: 1.2

db: JVNDB, id: JVNDB-2019-016137

Trust: 0.8

db: CNVD, id: CNVD-2020-70930

Trust: 0.6

db: AUSCERT, id: ESB-2020.4359

Trust: 0.6

db: CNNVD, id: CNNVD-202012-713

Trust: 0.6

sources: CNVD: CNVD-2020-70930 // JVNDB: JVNDB-2019-016137 // CNNVD: CNNVD-202012-713 // NVD: CVE-2019-19286

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-712690.pdf

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19286

Trust: 1.4

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-06

Trust: 1.2

url:https://www.auscert.org.au/bulletins/esb-2020.4359/

Trust: 0.6

sources: CNVD: CNVD-2020-70930 // JVNDB: JVNDB-2019-016137 // CNNVD: CNNVD-202012-713 // NVD: CVE-2019-19286

SOURCES

db: CNVD, id: CNVD-2020-70930
db: JVNDB, id: JVNDB-2019-016137
db: CNNVD, id: CNNVD-202012-713
db: NVD, id: CVE-2019-19286

LAST UPDATE DATE

2024-11-23T21:13:00.731000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-70930, date: 2020-12-12T00:00:00
db: JVNDB, id: JVNDB-2019-016137, date: 2021-08-16T09:05:00
db: CNNVD, id: CNNVD-202012-713, date: 2021-07-09T00:00:00
db: NVD, id: CVE-2019-19286, date: 2024-11-21T04:34:29.957

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-70930, date: 2020-12-12T00:00:00
db: JVNDB, id: JVNDB-2019-016137, date: 2021-08-16T00:00:00
db: CNNVD, id: CNNVD-202012-713, date: 2020-12-08T00:00:00
db: NVD, id: CVE-2019-19286, date: 2020-12-14T21:15:16.833