CVE-2019-10938
CRITICALSIPROTEC 5 DIGSI Device Driver - Unauthenticated Remote Code Execution
Title source: llmDescription
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
References (2)
Core 2
Core References
Mitigation, Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
Mitigation, Patch, Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
Scores
CVSS v3
9.8
EPSS
0.0041
EPSS Percentile
61.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (1)
siemens/siprotec_5_digsi_device_driver
Published
Aug 02, 2019
Tracked Since
Feb 18, 2026