Vulnerability Change Records for CVE-2019-10924

Change History

CVE Modified by Siemens AG 12/14/2020 5:15:12 PM

Action Type Old Value New Value
Changed Description
A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). The vulnerability could allow an attacker to execute arbitrary code if the
attacker tricks a legitimate user to open a manipulated project.

In order to exploit the vulnerability, a valid user must open a manipulated
project file. No further privileges are required on the target system. The
vulnerability could compromise the confidentiality, integrity and
availability of the engineering station.

At the time of advisory publication no public exploitation of this security
vulnerability was known.
A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated project file. No further privileges are required on the target system. The vulnerability could compromise the confidentiality, integrity and availability of the engineering station. At the time of advisory publication no public exploitation of this security vulnerability was known.

Modified Analysis 10/02/2020 10:36:21 AM

Action Type Old Value New Value
Removed CVSS V3
NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

								
						
Added CVSS V3.1

								
							
							
						
NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
NIST NVD-CWE-noinfo
Removed CWE
NIST CWE-284

								
						
Changed Reference Type
http://www.securityfocus.com/bid/108368 No Types Assigned
http://www.securityfocus.com/bid/108368 Third Party Advisory, VDB Entry

CVE Modified by Siemens AG 10/09/2019 7:45:01 PM

Action Type Old Value New Value
Added CWE

								
							
							
						
Siemens AG CWE-502

CVE Modified by Siemens AG 5/17/2019 7:29:00 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/108368 [No Types Assigned]

Initial Analysis 5/16/2019 12:3:38 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:siemens:logo\!_soft_comfort:*:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Added CVSS V2 Metadata

								
							
							
						
Victim must voluntarily interact with attack mechanism
Added CVSS V3

								
							
							
						
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
CWE-284
Changed Reference Type
https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf No Types Assigned
https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf Vendor Advisory