Rewterz Threat Advisory – CVE-2019-10915 – Siemens TIA Administrator (TIA Portal) Improper Access Control Vulnerability
July 12, 2019
Rewterz Threat Advisory – CVE-2019-6827 – Schneider Electric Interactive Graphical SCADA System
July 12, 2019
Severity
Medium
Analysis Summary
CVE-2011-3389
The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which may allow a man-in-the-middle attacker to obtain plaintext HTTP headers.
CVE-2016-6329
Long-duration TLS sessions used with a 64-bit block cipher may allow remote attackers to obtain cleartext data.
CVE-2013-0169
Outdated versions of TLS and DTLS allow statistical analysis of timing data for crafted packets, which may allow remote attackers to conduct distinguishing and plaintext-recovery attacks.
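An added example (not from the advisory or from Siemens): a small audit helper that maps a negotiated protocol version and IANA cipher suite name to the three weakness classes summarized above. The version labels, matching rules and sample scan results are assumptions constructed for illustration; a match means the parameters fall into the class, not that the implementation is unpatched.

```python
"""Flag negotiated TLS parameters that fall into the three weakness classes above."""

# Versions whose CBC records reuse the previous ciphertext block as the next IV.
CHAINED_IV_VERSIONS = {"SSLv3", "TLSv1.0"}
# Versions that still offer MAC-then-encrypt CBC suites (TLS 1.3 removed them).
CBC_CAPABLE_VERSIONS = CHAINED_IV_VERSIONS | {"TLSv1.1", "TLSv1.2", "DTLSv1.0", "DTLSv1.2"}
# Fragments of IANA suite names that identify ciphers with a 64-bit block.
BLOCK64_MARKERS = ("_3DES_EDE_", "_DES_CBC_", "_DES40_", "_IDEA_", "_RC2_")


def classify(version, suite):
    """Return the advisory's CVE classes that this (version, suite) pair matches."""
    findings = []
    is_cbc = "_CBC_" in suite
    if is_cbc and version in CHAINED_IV_VERSIONS:
        findings.append("CVE-2011-3389")  # CBC with chained IVs
    if any(marker in suite for marker in BLOCK64_MARKERS):
        findings.append("CVE-2016-6329")  # 64-bit block cipher
    if is_cbc and version in CBC_CAPABLE_VERSIONS:
        findings.append("CVE-2013-0169")  # CBC record timing analysis
    return findings


def audit(observations):
    """Map each observed (version, suite) pair to its findings, skipping clean ones."""
    report = {}
    for version, suite in observations:
        hits = classify(version, suite)
        if hits:
            report[(version, suite)] = hits
    return report


# Constructed sample: what a scan of a device's TLS endpoint might report.
SAMPLE = [
    ("TLSv1.0", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
    ("TLSv1.0", "TLS_RSA_WITH_RC4_128_SHA"),
    ("TLSv1.2", "TLS_RSA_WITH_AES_128_CBC_SHA"),
    ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("TLSv1.3", "TLS_AES_128_GCM_SHA256"),
]

if __name__ == "__main__":
    for (version, suite), hits in audit(SAMPLE).items():
        print(f"{version:8} {suite:40} {', '.join(hits)}")
```

Feeding it the suites a device negotiates before and after the firmware upgrade shows whether the flagged combinations are still being offered.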
Impact
Improper Input Validation
Affected Vendors
Siemens
Affected Products
- Siemens RF615R
- Siemens RF68XR
Remediation
Siemens recommends users upgrade to Version 3.2.1 or newer for both affected products.