First published: Tue Mar 26 2019(Updated: )
The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.
Credit: productcert@siemens.com productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Scalance X-200 Firmware | <5.2.4 | |
Siemens SCALANCE X-200 | ||
Siemens Scalance X-300 Firmware | <4.1.3 | |
Siemens SCALANCE X-300 | ||
Siemens Scalance Xp-200 Firmware | <4.1 | |
Siemens SCALANCE XP-200 | ||
Siemens Scalance Xc-200 Firmware | <4.1 | |
Siemens SCALANCE XC-200 | ||
Siemens Scalance Xf-200 Firmware | <4.1 | |
Siemens Scalance Xf-200 | ||
All of | ||
Siemens Scalance X-200 Firmware | <5.2.4 | |
Siemens SCALANCE X-200 | ||
All of | ||
Siemens Scalance X-300 Firmware | <4.1.3 | |
Siemens SCALANCE X-300 | ||
All of | ||
Siemens Scalance Xp-200 Firmware | <4.1 | |
Siemens SCALANCE XP-200 | ||
All of | ||
Siemens Scalance Xc-200 Firmware | <4.1 | |
Siemens SCALANCE XC-200 | ||
All of | ||
Siemens Scalance Xf-200 Firmware | <4.1 | |
Siemens Scalance Xf-200 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-6569 is critical, with a CVSS score of 9.1.
Siemens Scalance X-200 Firmware (up to version 5.2.4) and Siemens Scalance X-300 Firmware (up to version 4.1.3) are affected by CVE-2019-6569.
CVE-2019-6569 allows an attacker to transmit malicious packets to systems in the mirrored network, potentially influencing their configuration and behavior.
No, Siemens SCALANCE X-200 and Siemens SCALANCE X-300 are not vulnerable to CVE-2019-6569.
At the moment, there is no known fix or patch for CVE-2019-6569. Please refer to the vendor's advisory for any updates or recommended mitigations.