Siemens SIMATIC IT UADM up to 1.2 Service Port 1434 Credentials information disclosure

A vulnerability was found in Siemens SIMATIC IT UADM up to 1.2 (SCADA Software) and classified as problematic. Affected by this issue is an unknown code block of the component Service Port 1434. The manipulation with an unknown input leads to a information disclosure vulnerability (Credentials). Using CWE to declare the problem leads to CWE-200. Impacted is confidentiality.

The weakness was published 10/10/2019. The advisory is available at cert-portal.siemens.com. This vulnerability is handled as CVE-2019-13929 since 07/18/2019. The attack may be launched remotely. The successful exploitation requires a single authentication. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 10/11/2019).

Addressing this vulnerability is possible by firewalling .

Type

• SCADA Software

Vendor

• Siemens

Name

• SIMATIC IT UADM

• 🔒
• 🔒
• 🔒

• 🔒
• 🔒
• 🔒

VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.2

VulDB Base Score: 4.3
VulDB Temp Score: 4.2
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Information disclosure / Credentials (CWE-200)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Firewall
Status: 🔍

0-Day Time: 🔒

07/18/2019 CVE assigned
10/10/2019 +84 days Advisory disclosed
10/11/2019 +1 days VulDB entry created
10/11/2019 +0 days VulDB last updateVendor: siemens.com

Advisory: cert-portal.siemens.com

CVE: CVE-2019-13929 (🔒)

Created: 10/11/2019 09:31 AM
Complete: 🔍

Comments

Comments are closed.