ID CVE-2019-10943
Summary A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer who tries to obtain the code of the user program running on the device can receive different source code that is not actually running on the device.
Vulnerable Configurations
  • cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:2.8:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:4.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:4.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:4.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:4.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:4.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518_firmware:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c_firmware:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c_firmware:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c:-:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_s7-1500_software_controller:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_s7-1500_software_controller:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_s7-1500_software_controller:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_s7-1500_software_controller:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_s7-1500_software_controller:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_s7_plcsim_advanced:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-08-2022 - 20:28)
CWE CWE-353
CAPEC
  • Manipulating Opaque Client-based Data Tokens
    In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth), that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information), then even opaquely manipulating that data may bear fruit for an attacker. In this pattern an attacker undermines the assumption that client-side tokens have been adequately protected from tampering through use of encryption or obfuscation.
  • Manipulating User State
    The adversary modifies state information maintained by the target software in user-accessible locations. If successful, the target software will use this tainted state information and execute in an unintended manner. State management is an important function within an application. User state maintained by the application can include usernames, payment information, browsing history as well as application-specific contents such as items in a shopping cart. Manipulating user state can be employed by an adversary to elevate privilege, conduct fraudulent transactions or otherwise modify the flow of the application to derive certain benefits.
  • Manipulating Writeable Configuration Files
    Generally these are manually edited files that are not in the purview of the system administrators. Any ability on the attacker's part to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Content Spoofing Via Application API Manipulation
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, spam-like content, or links to the attackers' code. In general, content-spoofing within an application API can be employed to stage many different types of attacks varied based on the attackers' intent. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
misc https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf
Last major update 10-08-2022 - 20:28
Published 13-08-2019 - 19:15
Last modified 10-08-2022 - 20:28