// For flags

CVE-2019-10915

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Se ha identificado una vulnerabilidad en TIA Administrator (todas las versiones anteriores a V1.0 SP1 Upd1). La aplicación web de configuración integrada (TIA Administrator) permite ejecutar determinados comandos de la aplicación sin la autenticación apropiada. La vulnerabilidad podría ser explotada por un atacante con acceso local en el sistema afectado. La explotación con éxito no requiere privilegios ni interacción con el usuario. Un atacante podría usar la vulnerabilidad para comprometer la confidencialidad, la integridad y la disponibilidad del sistema afectado. En el momento de la publicación de asesoramiento, no se conocía la explotación pública de esta vulnerabilidad de seguridad.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-04-08 CVE Reserved
  • 2019-07-11 CVE Published
  • 2019-07-22 First Exploit
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-306: Missing Authentication for Critical Function
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
Tia Administrator
Search vendor "Siemens" for product "Tia Administrator"
1.0
Search vendor "Siemens" for product "Tia Administrator" and version "1.0"
sp1
Affected
Siemens
Search vendor "Siemens"
Sinetplan
Search vendor "Siemens" for product "Sinetplan"
2.0
Search vendor "Siemens" for product "Sinetplan" and version "2.0"
-
Affected