CVE-2019-10915

{"id": "CVE-2019-10915", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-07-11T22:15:11.047", "references": [{"url": "http://www.securityfocus.com/bid/109124", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf", "tags": ["Patch", "Third Party Advisory"], "source": "productcert@siemens.com"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "productcert@siemens.com"}, {"url": "http://www.securityfocus.com/bid/109124", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en TIA Administrator (todas las versiones anteriores a V1.0 SP1 Upd1). La aplicaci\u00f3n web de configuraci\u00f3n integrada (TIA Administrator) permite ejecutar determinados comandos de la aplicaci\u00f3n sin la autenticaci\u00f3n apropiada. La vulnerabilidad podr\u00eda ser explotada por un atacante con acceso local en el sistema afectado. La explotaci\u00f3n con \u00e9xito no requiere privilegios ni interacci\u00f3n con el usuario. Un atacante podr\u00eda usar la vulnerabilidad para comprometer la confidencialidad, la integridad y la disponibilidad del sistema afectado. En el momento de la publicaci\u00f3n de asesoramiento, no se conoc\u00eda la explotaci\u00f3n p\u00fablica de esta vulnerabilidad de seguridad."}], "lastModified": "2024-11-21T04:20:08.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:tia_administrator:1.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DC7C974-2812-4760-B2AE-F264AD2335A9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinetplan:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77BA7DF4-7836-43FC-8163-86F0F9BC2FB7"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}