CVE-2019-10926
First published: Wed Jun 12 2019(Updated: )
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an attacker in a privileged network position which allows eavesdropping the communication between the affected device and the user. The user must invoke a session. Successful exploitation of the vulnerability compromises confidentiality of the data transmitted.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Simatic Mv420 Firmware | ||
| Siemens Simatic Mv420 | ||
| Siemens Simatic Mv440 Firmware | ||
| Siemens Simatic Mv440 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-10926?
The severity of CVE-2019-10926 is medium.
Which versions of SIMATIC MV400 family are affected by CVE-2019-10926?
All versions of SIMATIC MV400 family below V7.0.6 are affected by CVE-2019-10926.
How does CVE-2019-10926 impact communication with the SIMATIC MV400 family device?
CVE-2019-10926 allows communication with the device to be intercepted by an attacker in a privileged network position.
Can the data transmitted between the SIMATIC MV400 family device and the user be obtained by an attacker?
Yes, an attacker in a privileged network position can obtain the data transmitted between the SIMATIC MV400 family device and the user.
How can the security vulnerability of CVE-2019-10926 be exploited?
CVE-2019-10926 can be exploited by an attacker in a privileged network position.