CVE-2019-10939
published 2020-04-14CVE-2019-10939: A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All…
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.12%
62.0th percentile
A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | tim_3v-ie_advanced_firmware | < 2.8 | 2.8 |
| siemens | tim_3v-ie_dnp3_firmware | < 2.8 | 2.8 |
| siemens | tim_3v-ie_firmware | < 2.8 | 2.8 |
| siemens | tim_4r-ie_dnp3_firmware | < 3.3 | 3.3 |
| siemens | tim_4r-ie_firmware | < 3.3 | 3.3 |
| siemens_ag | tim_3v-ie | — | — |
| siemens_ag | tim_3v-ie_advanced | — | — |
| siemens_ag | tim_3v-ie_dnp3 | — | — |
| siemens_ag | tim_4r-ie | — | — |
| siemens_ag | tim_4r-ie_dnp3 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The debug port is only exposed when the device IP is configured to exactly 192.168.1.2 — scan/monitor for TIM 3V-IE or 4R-IE devices with this IP address as a high-priority indicator of exploitability. ↗
- →Monitor and alert on inbound/outbound traffic to UDP port 17185 on affected Siemens TIM devices; unexpected traffic to this port may indicate exploitation attempts. ↗
- →Exploitation requires no user interaction and no prior authentication — any network-originated connection to the debug port from an unauthenticated source should be treated as a high-severity alert. ↗
- ·The vulnerability is ONLY triggerable when the device IP is set to 192.168.1.2 — devices configured with any other IP address are not exposed to this debug port. ↗
- ·High skill level is required to exploit this vulnerability despite no authentication being needed; no public exploits were known at time of advisory publication. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens TIM 3V-IE and 4R-IE Family Devices
cisa_ics·2020-04-14·CVSS 9.8
[CRITICAL] Siemens TIM 3V-IE and 4R-IE Family Devices
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens TIM 3V-IE and 4R-IE Family Devices
Last RevisedApril 14, 2020
Alert CodeICSA-20-105-09
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.0
- ATTENTION: Exploitable remotely
- Vendor: Siemens
- Equipment: TIM 3V-IE and 4R-IE Family Devices
- Vulnerability: Active Debug Code
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated attacker with network access to gain full control over the device.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of TIM communication modules for SIMATIC S7-300 and S7-400 devices are
GHSA
GHSA-xr59-cc47-hgh5: A vulnerability has been identified in TIM 3V-IE (incl
ghsa_unreviewed·2022-05-24
CVE-2019-10939 [MEDIUM] GHSA-xr59-cc47-hgh5: A vulnerability has been identified in TIM 3V-IE (incl
A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected dev
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-04-14
Published