CVE-2019-6569

CWE-4404 documents4 sources

Severity

9.1CRITICAL

EPSS

0.5%

top 33.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Scalance X-200 Firmware Siemens Scalance X-300 Firmware Siemens Scalance Xc-200 Firmware +86 more

Timeline

PublishedMar 26

Latest updateApr 30

Description

The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages89 packages

▶NVDsiemens/scalance_x-200_firmware< 5.2.4

▶NVDsiemens/scalance_x-300_firmware< 4.1.3

▶NVDsiemens/scalance_xc-200_firmware< 4.1

▶NVDsiemens/scalance_xf-200_firmware< 4.1

▶NVDsiemens/scalance_xp-200_firmware< 4.1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-pq3w-wpr9-q68m: The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network↗2022-04-30

▶

CVEList

CVE-2019-6569: The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network↗2019-03-26

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2020-6569↗2020-08-25

▶