Severity
Medium
Analysis Summary
CVE-2019-10927
An authenticated attacker with network access to Port 22/TCP of an affected device may cause a denial-of-service condition.
This security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device.
CVE-2019-10928
An authenticated attacker with access to Port 22/TCP as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands.
The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity, and availability of the affected device.
Impact
- Availability of the device
- Exposure of sensitive information
Affected Vendors
Siemens
Affected Products
- SCALANCE SC-600: v2.0
- SCALANCE XB-200: v4.1
- SCALANCE XC-200: v4.1
- SCALANCE XF-200BA: v4.1
- SCALANCE XP-200: v4.1
- SCALANCE SR-300WG: v4.1
Remediation
Siemens currently has an update for the following product: