How severe is CVE-2019-10930?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2019-10930?

This is classified as CWE-552, which is a common weakness in software security.

CVE-2019-10930 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.

Related Vulnerabilities

CVE-2017-11746

HIGH

CVSS:7.5(High)

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tensh...

CWE-5522017

CVE-2017-12079

HIGH

CVSS:7.5(High)

Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via pr...

CWE-5522017

CVE-2017-2551

HIGH

CVSS:7.5(High)

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.

CWE-5522017

CVE-2018-10863

HIGH

CVSS:7.5(High)

It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An un...

CWE-5522018

CVE-2018-10869

HIGH

CVSS:7.5(High)

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

CWE-5522018

CVE-2018-16946

HIGH

CVSS:7.5(High)

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via downl...

CWE-5522018