

Rewterz threat Advisory – CVE-2019-0542 – Red Hat update for Red Hat Openshift Container Platform
June 12, 2019
Rewterz Threat Advisory – ICS: Siemens Siveillance VMS Multiple Vulnerabilities
June 13, 2019
Rewterz threat Advisory – CVE-2019-0542 – Red Hat update for Red Hat Openshift Container Platform
June 12, 2019
Rewterz Threat Advisory – ICS: Siemens Siveillance VMS Multiple Vulnerabilities
June 13, 2019Severity
Medium
Analysis Summary
CVE-2019-10925
An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver.
CVE-2019-10926
Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position.
Impact
- Improper Privilege Management
- Cleartext Transmission of Sensitive Information
Affected Vendors
Siemens
Affected Products
SIMATIC Ident MV420 and MV440 Families
Remediation
Vendor has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- By setting the DISA bit, changes to the project by logged-in users can be prevented.
Please refer to the Operating Instructions for more details: https://support.industry.siemens.com/cs/us/en/view/84553392