CVE-2019-10927 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2019-10927

Analyzed

More Info Official Page

Source-productcert@siemens.com

Published At-13 Aug, 2019 | 19:15

Updated At-28 Oct, 2021 | 13:32

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:N/A:P

CPE Matches

>>scalance_xb-200_firmware>>4.1

cpe:2.3:o:siemens:scalance_xb-200_firmware:4.1:*:*:*:*:*:*:*

>>scalance_xb-200>>-

cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*

>>scalance_xc-200_firmware>>4.1

cpe:2.3:o:siemens:scalance_xc-200_firmware:4.1:*:*:*:*:*:*:*

>>scalance_xc-200>>-

cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*

>>scalance_xf-200ba_firmware>>4.1

cpe:2.3:o:siemens:scalance_xf-200ba_firmware:4.1:*:*:*:*:*:*:*

>>scalance_xf-200ba>>-

cpe:2.3:h:siemens:scalance_xf-200ba:-:*:*:*:*:*:*:*

>>scalance_xp-200_firmware>>4.1

cpe:2.3:o:siemens:scalance_xp-200_firmware:4.1:*:*:*:*:*:*:*

>>scalance_xp-200>>-

cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*

>>scalance_xr-300wg_firmware>>4.1

cpe:2.3:o:siemens:scalance_xr-300wg_firmware:4.1:*:*:*:*:*:*:*

>>scalance_xr-300wg>>-

cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov
CWE-703	Secondary	productcert@siemens.com

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-703

Type: Secondary

Source: productcert@siemens.com

References

Hyperlink	Source	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf	productcert@siemens.com	Patch Vendor Advisory

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf

Source: productcert@siemens.com

Resource:

Patch

Vendor Advisory