Vulnerability CVE-2019-6571


Published: 2019-06-12

Description:
A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). An attacker with network access to port 10005/tcp of the LOGO! device could cause a Denial-of-Service condition by sending specially crafted packets. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Type:

CWE-284

(Improper Access Control)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Siemens -> 6ed1052-1cc01-0ba8 firmware 
Siemens -> 6ed1052-1fb00-0ba8 firmware 
Siemens -> 6ed1052-1hb00-0ba8 firmware 
Siemens -> 6ed1052-1md00-0ba8 firmware 
Siemens -> 6ed1052-2cc01-0ba8 firmware 
Siemens -> 6ed1052-2fb00-0ba8 firmware 
Siemens -> 6ed1052-2hb00-0ba8 firmware 
Siemens -> 6ed1052-2md00-0ba8 firmware 

 References:
https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf

Copyright 2022, cxsecurity.com

 

Back to Top