CVE-2020-10044 - OpenCVE

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware to the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Sicam Mmu Sicam Mmu Firmware Sicam Sgu Sicam Sgu Firmware Sicam T Sicam T Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:sicam_mmu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sicam_mmu:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:sicam_sgu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sicam_sgu:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:sicam_t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sicam_t:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-305120.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2020-07-14T13:18:05

Updated: 2024-08-04T10:50:57.807Z

Reserved: 2020-03-04T00:00:00

Link: CVE-2020-10044

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-07-14T14:15:17.027

Modified: 2020-07-15T17:04:25.183

Link: CVE-2020-10044

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SICAM MMU", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions < V2.05"}]}, {"product": "SICAM SGU", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SICAM T", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions < V2.18"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware to the device."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-14T13:18:05", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-305120.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-10044", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SICAM MMU", "version": {"version_data": [{"version_value": "All versions < V2.05"}]}}, {"product_name": "SICAM SGU", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SICAM T", "version": {"version_data": [{"version_value": "All versions < V2.18"}]}}]}, "vendor_name": "Siemens AG"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware to the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306: Missing Authentication for Critical Function"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-305120.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-305120.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:50:57.807Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-305120.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-10044", "datePublished": "2020-07-14T13:18:05", "dateReserved": "2020-03-04T00:00:00", "dateUpdated": "2024-08-04T10:50:57.807Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sicam_mmu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C67031A-9052-4B6F-8AC9-326B716B99CE", "versionEndExcluding": "2.05", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sicam_mmu:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD81E558-D52F-4BFF-B8B4-979B887E0A1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sicam_sgu_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "249B469D-3B32-47EF-ABBC-615DC0522006", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sicam_sgu:-:*:*:*:*:*:*:*", "matchCriteriaId": "F176093C-96F4-47E9-B287-46C8275BD392", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sicam_t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E7EABA4-5C46-4BCD-9904-EB175BC597DA", "versionEndExcluding": "2.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sicam_t:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7E06863-36F6-4E8F-B038-2F17032987FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware to the device."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SICAM MMU (Todas las versiones anteriores a V2.05), SICAM SGU (Todas las versiones), SICAM T (Todas las versiones anteriores a V2.18). Un atacante con acceso a la red podr\u00eda ser capaz de instalar un firmware especialmente dise\u00f1ado en el dispositivo"}], "id": "CVE-2020-10044", "lastModified": "2020-07-15T17:04:25.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-14T14:15:17.027", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-305120.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "productcert@siemens.com", "type": "Secondary"}]}