CVE-2019-10915
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows certain application commands to be executed without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise the confidentiality, integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.
SSVC
- Decision: -
Timeline
- 2019-04-08 CVE Reserved
- 2019-07-11 CVE Published
- 2019-07-22 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-306: Missing Authentication for Critical Function
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/109124 | Third Party Advisory | |
https://www.us-cert.gov/ics/advisories/icsa-19-253-02 | Third Party Advisory | |
URL | Date | SRC |
---|---|---|
https://github.com/jiansiting/CVE-2019-10915 | 2019-07-22 | |
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf | 2020-10-02 | |
https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf | 2020-10-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Siemens | Tia Administrator | 1.0 | sp1 | Affected |
Siemens | Sinetplan | 2.0 | - | Affected |