http://www.securityfocus.com/bid/108725

https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf

https://ics-cert.us-cert.gov/advisories/ICSA-19-162-02

A vulnerability has been identified in SIMATIC MV400 family (All Versions <  V7.0.6). An authenticated attacker could escalate privileges by sending specially
crafted requests to the integrated webserver.

The security vulnerability can be exploited by an attacker with network
access to the device. Valid user credentials, but no user interaction are
required. Successful exploitation compromises integrity and availability of
the device.

At the time of advisory publication no public exploitation 

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials, but no user interaction are required. Successful exploitation compromises integrity and availability of the device. At the time of advisory publication no public exploitation of 

A vulnerability has been identified in SIMATIC Ident MV420 family (All versions), SIMATIC Ident MV440 family (All versions). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials, but no user interaction are required. Successful exploitation compromises integrity and availability of the device. At the time of advisor

A vulnerability has been identified in SIMATIC MV400 family (All Versions <  V7.0.6). An authenticated attacker could escalate privileges by sending specially
crafted requests to the integrated webserver.

The security vulnerability can be exploited by an attacker with network
access to the device. Valid user credentials, but no user interaction are
required. Successful exploitation compromises integrity and availability of
the device.

At the time of advisory publication no public exploitation 

NIST AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

NIST AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

NIST NVD-CWE-noinfo

NIST CWE-264

Siemens AG CWE-284

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

(AV:N/AC:L/Au:S/C:N/I:P/A:P)

CWE-264

AND
     OR
          *cpe:2.3:o:siemens:simatic_mv420_firmware:*:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:simatic_mv420:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:siemens:simatic_mv440_firmware:*:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:simatic_mv440:-:*:*:*:*:*:*:*

http://www.securityfocus.com/bid/108725 No Types Assigned

http://www.securityfocus.com/bid/108725 Third Party Advisory, VDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf No Types Assigned

https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf Mitigation, Vendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-19-162-02 No Types Assigned

https://ics-cert.us-cert.gov/advisories/ICSA-19-162-02 Third Party Advisory, US Government Resource

http://www.securityfocus.com/bid/108725 [No Types Assigned]

https://ics-cert.us-cert.gov/advisories/ICSA-19-162-02 [No Types Assigned]