All the vulnerabilites related to Siemens - SIMATIC HMI KTP Mobile Panels
var-201812-0343
Vulnerability from variot
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains a path traversal vulnerability.Information may be obtained. Siemens SIMATIC Panels is prone to following security vulnerabilities: 1. An open-redirection vulnerability 2. A directory-traversal vulnerability Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site. are all HMI software used by Siemens in Germany to control and monitor machines and equipment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0343",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi mp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi op",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort panels",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic wincc \\",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi tp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic wincc runtime professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime professional sp1 upd2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime professional sp update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1319"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic wincc runtime advanced sp1 upd2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime advanced sp1 upd5",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v135"
},
{
"model": "simatic wincc sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v12"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v120"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v110"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v15"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v136"
},
{
"model": "simatic wincc sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v10"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "22"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic hmi comfort panels sp1 upd2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic hmi comfort panels sp1 upd5",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi classic devices",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime professional update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic wincc runtime advanced update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic wincc update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic hmi ktp mobile panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic hmi comfort panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic hmi comfort outdoor panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
}
],
"sources": [
{
"db": "BID",
"id": "105922"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014525"
},
{
"db": "NVD",
"id": "CVE-2018-13812"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_outdoor_panels_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:wincc_runtime_advanced",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_runtime_professional",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014525"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hosni Tounsi from Carthage Red Team",
"sources": [
{
"db": "BID",
"id": "105922"
}
],
"trust": 0.3
},
"cve": "CVE-2018-13812",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-13812",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-123909",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-13812",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-13812",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-13812",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-482",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-123909",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123909"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014525"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-482"
},
{
"db": "NVD",
"id": "CVE-2018-13812"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions \u003c V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (All versions \u003c V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions \u003c V15 Update 4), SIMATIC WinCC Runtime Professional (All versions \u003c V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions \u003c V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains a path traversal vulnerability.Information may be obtained. Siemens SIMATIC Panels is prone to following security vulnerabilities:\n1. An open-redirection vulnerability\n2. A directory-traversal vulnerability\nRemote attackers may use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files from the affected system in the context of the application or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site. are all HMI software used by Siemens in Germany to control and monitor machines and equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13812"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014525"
},
{
"db": "BID",
"id": "105922"
},
{
"db": "VULHUB",
"id": "VHN-123909"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13812",
"trust": 2.8
},
{
"db": "BID",
"id": "105922",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-233109",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-317-08",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014525",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-482",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-123909",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123909"
},
{
"db": "BID",
"id": "105922"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014525"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-482"
},
{
"db": "NVD",
"id": "CVE-2018-13812"
}
]
},
"id": "VAR-201812-0343",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-123909"
}
],
"trust": 0.7828699085714284
},
"last_update_date": "2024-11-23T22:17:14.886000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-233109",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
},
{
"title": "Multiple Siemens Product path traversal vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86883"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014525"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-482"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123909"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014525"
},
{
"db": "NVD",
"id": "CVE-2018-13812"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105922"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-317-08"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13812"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13812"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123909"
},
{
"db": "BID",
"id": "105922"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014525"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-482"
},
{
"db": "NVD",
"id": "CVE-2018-13812"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-123909"
},
{
"db": "BID",
"id": "105922"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014525"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-482"
},
{
"db": "NVD",
"id": "CVE-2018-13812"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-123909"
},
{
"date": "2018-11-14T00:00:00",
"db": "BID",
"id": "105922"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014525"
},
{
"date": "2018-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-482"
},
{
"date": "2018-12-13T16:29:00.290000",
"db": "NVD",
"id": "CVE-2018-13812"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-123909"
},
{
"date": "2018-11-14T00:00:00",
"db": "BID",
"id": "105922"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014525"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-482"
},
{
"date": "2024-11-21T03:48:07.190000",
"db": "NVD",
"id": "CVE-2018-13812"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-482"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SIMATIC Path traversal vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014525"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-482"
}
],
"trust": 0.6
}
}
var-201905-0115
Vulnerability from variot
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known. plural SIMATIC The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Multiple Siemens Products are prone to following security vulnerabilities: 1. An information-disclosure vulnerability 2. A cross-site-scripting vulnerability 3. A security vulnerability An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC, etc. are all products of Siemens (Siemens) in Germany. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Siemens SIMATIC HMI Comfort Panels is a touch panel device. Siemens SIMATIC HMI Comfort Outdoor Panels is a touch panel device specially designed for outdoor use. The vulnerability stems from the lack of correct validation of client data in WEB applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0115",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi comfort outdoor panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi mp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi op",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi tp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v15.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v15"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic hmi classic devices",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime professional update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v15.11"
},
{
"model": "simatic wincc runtime advanced update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
},
{
"model": "simatic wincc update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v15.11"
},
{
"model": "simatic hmi ktp mobile update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
},
{
"model": "simatic hmi comfort panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
},
{
"model": "simatic hmi comfort outdoor panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
}
],
"sources": [
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004634"
},
{
"db": "NVD",
"id": "CVE-2019-6577"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_outdoor_panels_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:wincc_runtime_advanced",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_runtime_professional",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004634"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens ProductCERT reported these vulnerabilities to NCCIC.,Siemens ProductCERT",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-588"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6577",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2019-6577",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-158012",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2019-6577",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6577",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6577",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-588",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158012",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004634"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-588"
},
{
"db": "NVD",
"id": "CVE-2019-6577"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions \u003c V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (All versions \u003c V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions \u003c V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions \u003c V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions \u003c V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known. plural SIMATIC The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Multiple Siemens Products are prone to following security vulnerabilities:\n1. An information-disclosure vulnerability\n2. A cross-site-scripting vulnerability\n3. A security vulnerability\nAn attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC, etc. are all products of Siemens (Siemens) in Germany. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Siemens SIMATIC HMI Comfort Panels is a touch panel device. Siemens SIMATIC HMI Comfort Outdoor Panels is a touch panel device specially designed for outdoor use. The vulnerability stems from the lack of correct validation of client data in WEB applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6577"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004634"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "VULHUB",
"id": "VHN-158012"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6577",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-134-09",
"trust": 2.8
},
{
"db": "BID",
"id": "108412",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-804486",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004634",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-588",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-134-02",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1716.2",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-54365",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-158012",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158012"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004634"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-588"
},
{
"db": "NVD",
"id": "CVE-2019-6577"
}
]
},
"id": "VAR-201905-0115",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158012"
}
],
"trust": 0.7545892989999999
},
"last_update_date": "2024-11-23T21:37:16.753000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-804486",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
},
{
"title": "Siemens SIMATIC Panels and WinCC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92738"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004634"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-588"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
},
{
"problemtype": "CWE-80",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004634"
},
{
"db": "NVD",
"id": "CVE-2019-6577"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108412"
},
{
"trust": 1.9,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-134-09"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6577"
},
{
"trust": 0.9,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-134-09"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6577"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-wincc-multiple-vulnerabilities-29288"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80946"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158012"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004634"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-588"
},
{
"db": "NVD",
"id": "CVE-2019-6577"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158012"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004634"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-588"
},
{
"db": "NVD",
"id": "CVE-2019-6577"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-158012"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108412"
},
{
"date": "2019-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004634"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-588"
},
{
"date": "2019-05-14T20:29:04.623000",
"db": "NVD",
"id": "CVE-2019-6577"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-158012"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108412"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004634"
},
{
"date": "2019-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-588"
},
{
"date": "2024-11-21T04:46:44.267000",
"db": "NVD",
"id": "CVE-2019-6577"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-588"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SIMATIC Product cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004634"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-588"
}
],
"trust": 0.6
}
}
var-202102-0161
Vulnerability from variot
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Comfort Panel. Authentication is not required to exploit this vulnerability.The specific flaw exists within the telnet service, which listens on TCP port 22 by default. The issue results from the lack of authentication prior to allowing remote connections. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Siemens Simatic Hmi is a device of Germany's Siemens (Siemens) that provides human-computer interaction functions for industrial automation equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "16.0"
},
{
"_id": null,
"model": "sinamics gl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "16.0"
},
{
"_id": null,
"model": "simatic hmi ktp mobile panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.0"
},
{
"_id": null,
"model": "sinamics sl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "sinamics sm150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "sinamics sh150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "sinamics sm150i",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "sinamics sm120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "sinamics gh150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "sinamics gm150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.0"
},
{
"_id": null,
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"_id": null,
"model": "simatic hmi ktp mobile panels",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": "v16 update 3a earlier versions"
},
{
"_id": null,
"model": "comfort panel",
"scope": null,
"trust": 0.7,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "simatic hmi",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-129"
},
{
"db": "CNVD",
"id": "CNVD-2021-07537"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001015"
},
{
"db": "NVD",
"id": "CVE-2020-15798"
}
]
},
"credits": {
"_id": null,
"data": "Ta-Lun Yen of TXOne IoT/ICS Security Research Labs (Trend Micro)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-129"
}
],
"trust": 0.7
},
"cve": "CVE-2020-15798",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-15798",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-07537",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-15798",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-001015",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-15798",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-15798",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2021-001015",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-15798",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2021-07537",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2499",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-15798",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-129"
},
{
"db": "CNVD",
"id": "CNVD-2021-07537"
},
{
"db": "VULMON",
"id": "CVE-2020-15798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001015"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2499"
},
{
"db": "NVD",
"id": "CVE-2020-15798"
}
]
},
"description": {
"_id": null,
"data": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions \u003c V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions \u003c V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Comfort Panel. Authentication is not required to exploit this vulnerability.The specific flaw exists within the telnet service, which listens on TCP port 22 by default. The issue results from the lack of authentication prior to allowing remote connections. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Siemens Simatic Hmi is a device of Germany\u0027s Siemens (Siemens) that provides human-computer interaction functions for industrial automation equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-15798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001015"
},
{
"db": "ZDI",
"id": "ZDI-21-129"
},
{
"db": "CNVD",
"id": "CNVD-2021-07537"
},
{
"db": "VULMON",
"id": "CVE-2020-15798"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-15798",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-033-02",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-520004",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-752103",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-21-129",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92618342",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001015",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-12046",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-07537",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-13",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0384",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2499",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-15798",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-129"
},
{
"db": "CNVD",
"id": "CNVD-2021-07537"
},
{
"db": "VULMON",
"id": "CVE-2020-15798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001015"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2499"
},
{
"db": "NVD",
"id": "CVE-2020-15798"
}
]
},
"id": "VAR-202102-0161",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07537"
}
],
"trust": 1.17291723125
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07537"
}
]
},
"last_update_date": "2024-11-23T19:29:19.148000Z",
"patch": {
"_id": null,
"data": [
{
"title": "SSA-520004",
"trust": 0.8,
"url": "https://support.industry.siemens.com/cs/document/109746530/image-downloads-for-hmi-operator-panels?dti=0\u0026lc=en-WW"
},
{
"title": "Siemens has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02"
},
{
"title": "Patch for Siemens Simatic Hmi authorization issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/246031"
},
{
"title": "Siemens Simatic Hmi Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140096"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=727a7bb82c467c1176e726c944e1c560"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=a4e80f78fa87968e8881f762b328bbfa"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2020-15798 "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-129"
},
{
"db": "CNVD",
"id": "CNVD-2021-07537"
},
{
"db": "VULMON",
"id": "CVE-2020-15798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001015"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2499"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for important features (CWE-306) [IPA Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001015"
},
{
"db": "NVD",
"id": "CVE-2020-15798"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf"
},
{
"trust": 1.2,
"url": "https://vigilance.fr/vulnerability/simatic-hmi-code-execution-via-unauthenticated-telnet-34430"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92618342"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0384/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-13"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-15798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-129/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-129"
},
{
"db": "CNVD",
"id": "CNVD-2021-07537"
},
{
"db": "VULMON",
"id": "CVE-2020-15798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001015"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2499"
},
{
"db": "NVD",
"id": "CVE-2020-15798"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-129",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-07537",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-15798",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001015",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2499",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-15798",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-02-04T00:00:00",
"db": "ZDI",
"id": "ZDI-21-129",
"ident": null
},
{
"date": "2021-01-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-07537",
"ident": null
},
{
"date": "2021-02-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-15798",
"ident": null
},
{
"date": "2021-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001015",
"ident": null
},
{
"date": "2021-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2499",
"ident": null
},
{
"date": "2021-02-09T17:15:13.437000",
"db": "NVD",
"id": "CVE-2020-15798",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-02-04T00:00:00",
"db": "ZDI",
"id": "ZDI-21-129",
"ident": null
},
{
"date": "2021-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-07537",
"ident": null
},
{
"date": "2022-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-15798",
"ident": null
},
{
"date": "2021-05-19T07:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-001015",
"ident": null
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2499",
"ident": null
},
{
"date": "2024-11-21T05:06:12.120000",
"db": "NVD",
"id": "CVE-2020-15798",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2499"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Siemens\u00a0 Made \u00a0HMI\u00a0 Lack of authentication vulnerability for product critical features",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001015"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2499"
}
],
"trust": 0.6
}
}
var-202105-0068
Vulnerability from variot
A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "16"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "16"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007395"
},
{
"db": "NVD",
"id": "CVE-2019-19276"
}
]
},
"cve": "CVE-2019-19276",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-19276",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-19276",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-19276",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19276",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-19276",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-541",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007395"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-541"
},
{
"db": "NVD",
"id": "CVE-2019-19276"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions \u003c V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19276"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007395"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2019-19276"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19276",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-594364",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007395",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051309",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1602",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-131-06",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-541",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-19276",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-19276"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007395"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-541"
},
{
"db": "NVD",
"id": "CVE-2019-19276"
}
]
},
"id": "VAR-202105-0068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.57371795
},
"last_update_date": "2024-08-14T12:56:54.515000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-594364",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf"
},
{
"title": "Multiple Siemens Fix for device buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149969"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=3a6418c2c9d9d914ae85f34d330d364e"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-19276"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007395"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-541"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007395"
},
{
"db": "NVD",
"id": "CVE-2019-19276"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19276"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-06"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-wincc-denial-of-service-via-snmp-35359"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1602"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051309"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-594364.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-19276"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007395"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-541"
},
{
"db": "NVD",
"id": "CVE-2019-19276"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-19276"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007395"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-541"
},
{
"db": "NVD",
"id": "CVE-2019-19276"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19276"
},
{
"date": "2022-02-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007395"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-541"
},
{
"date": "2021-05-12T14:15:10.543000",
"db": "NVD",
"id": "CVE-2019-19276"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19276"
},
{
"date": "2022-02-09T09:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-007395"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-541"
},
{
"date": "2021-06-02T18:18:33.440000",
"db": "NVD",
"id": "CVE-2019-19276"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-541"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIMATIC\u00a0HMI\u00a0Comfort\u00a0Panels\u00a01st\u00a0Generation\u00a0 and \u00a0SIMATIC\u00a0HMI\u00a0KTP\u00a0Mobile\u00a0Panels\u00a0 Out-of-bounds Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007395"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-201905-0112
Vulnerability from variot
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained and information may be altered. Multiple Siemens Products are prone to following security vulnerabilities: 1. An information-disclosure vulnerability 2. A cross-site-scripting vulnerability 3. A security vulnerability An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC, etc. are all products of Siemens (Siemens) in Germany. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Siemens SIMATIC HMI Comfort Panels is a touch panel device. Siemens SIMATIC HMI Comfort Outdoor Panels is a touch panel device specially designed for outdoor use. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0112",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi comfort outdoor panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi mp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi op",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi tp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v15.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v15"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic hmi classic devices",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime professional update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v15.11"
},
{
"model": "simatic wincc runtime advanced update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
},
{
"model": "simatic wincc update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v15.11"
},
{
"model": "simatic hmi ktp mobile update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
},
{
"model": "simatic hmi comfort panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
},
{
"model": "simatic hmi comfort outdoor panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
}
],
"sources": [
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004632"
},
{
"db": "NVD",
"id": "CVE-2019-6572"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_outdoor_panels_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:wincc_runtime_advanced",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_runtime_professional",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004632"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens ProductCERT reported these vulnerabilities to NCCIC.,Siemens ProductCERT",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-590"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6572",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6572",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158007",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6572",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6572",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6572",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-6572",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-590",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158007",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158007"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004632"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-590"
},
{
"db": "NVD",
"id": "CVE-2019-6572"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions \u003c V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (All versions \u003c V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions \u003c V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions \u003c V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions \u003c V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained and information may be altered. Multiple Siemens Products are prone to following security vulnerabilities:\n1. An information-disclosure vulnerability\n2. A cross-site-scripting vulnerability\n3. A security vulnerability\nAn attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC, etc. are all products of Siemens (Siemens) in Germany. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Siemens SIMATIC HMI Comfort Panels is a touch panel device. Siemens SIMATIC HMI Comfort Outdoor Panels is a touch panel device specially designed for outdoor use. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6572"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004632"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "VULHUB",
"id": "VHN-158007"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-134-09",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2019-6572",
"trust": 2.8
},
{
"db": "BID",
"id": "108412",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-804486",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004632",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-590",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-134-02",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1716.2",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-54367",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-158007",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158007"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004632"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-590"
},
{
"db": "NVD",
"id": "CVE-2019-6572"
}
]
},
"id": "VAR-201905-0112",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158007"
}
],
"trust": 0.7545892989999999
},
"last_update_date": "2024-11-23T21:37:16.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-804486",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
},
{
"title": "Siemens SIMATIC Panels and WinCC Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92740"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004632"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-590"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158007"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004632"
},
{
"db": "NVD",
"id": "CVE-2019-6572"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/108412"
},
{
"trust": 2.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-134-09"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6572"
},
{
"trust": 0.9,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-134-09"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6572"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-wincc-multiple-vulnerabilities-29288"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80946"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158007"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004632"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-590"
},
{
"db": "NVD",
"id": "CVE-2019-6572"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158007"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004632"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-590"
},
{
"db": "NVD",
"id": "CVE-2019-6572"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-158007"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108412"
},
{
"date": "2019-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004632"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-590"
},
{
"date": "2019-05-14T20:29:04.200000",
"db": "NVD",
"id": "CVE-2019-6572"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-158007"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108412"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004632"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-590"
},
{
"date": "2024-11-21T04:46:43.653000",
"db": "NVD",
"id": "CVE-2019-6572"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-590"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SIMATIC Vulnerabilities related to authorization, authority, and access control in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004632"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-590"
}
],
"trust": 0.6
}
}
var-202210-0467
Vulnerability from variot
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets. simatic hmi comfort panels firmware, simatic hmi ktp400 basic firmware, simatic hmi ktp700 basic Multiple Siemens products, including firmware, contain vulnerabilities related to input validation.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC HMI Comfort Panels is a touch panel device from Siemens, Germany.
Several Siemens products have an input validation error vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0467",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp900 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp400 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp700 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp1200 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp700 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp400 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp700 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp700 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp1200 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp1200 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp400 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp900 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp1200 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp400 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp900 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp900 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp1200 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi ktp900 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "siplus hmi ktp400 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "siplus hmi ktp700 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi ktp mobile panels",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "siplus hmi ktp1200 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "siplus hmi ktp900 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi ktp700 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi ktp400 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi comfort panels update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v174"
},
{
"model": "simatic hmi ktp mobile panels update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v174"
},
{
"model": "simatic hmi ktp1200 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "simatic hmi ktp400 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "simatic hmi ktp700 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "simatic hmi ktp900 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "siplus hmi ktp1200 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "siplus hmi ktp400 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "siplus hmi ktp700 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "siplus hmi ktp900 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
],
"trust": 0.6
},
"cve": "CVE-2022-40227",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-91619",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-40227",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-40227",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-40227",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-40227",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-91619",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-446",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions \u003c V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions \u003c V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions \u003c V17 Update 5), SIMATIC HMI KTP400 Basic (All versions \u003c V17 Update 5), SIMATIC HMI KTP700 Basic (All versions \u003c V17 Update 5), SIMATIC HMI KTP900 Basic (All versions \u003c V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions \u003c V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions \u003c V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions \u003c V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions \u003c V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets. simatic hmi comfort panels firmware, simatic hmi ktp400 basic firmware, simatic hmi ktp700 basic Multiple Siemens products, including firmware, contain vulnerabilities related to input validation.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC HMI Comfort Panels is a touch panel device from Siemens, Germany. \n\r\n\r\nSeveral Siemens products have an input validation error vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40227"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "CNVD",
"id": "CNVD-2022-91619"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40227",
"trust": 3.8
},
{
"db": "SIEMENS",
"id": "SSA-384224",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-22-286-14",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU92214181",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-91619",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
}
]
},
"id": "VAR-202210-0467",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
}
],
"trust": 1.2763986227272728
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
}
]
},
"last_update_date": "2024-08-14T12:18:52.673000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Various Siemens products input validation error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/384516"
},
{
"title": "Siemens SIMATIC HMI Comfort Panels Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=210554"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-384224.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92214181/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40227"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-14"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-286-14"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-hmi-denial-of-service-via-tcp-packets-39514"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40227/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"date": "2023-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"date": "2022-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-446"
},
{
"date": "2022-10-11T11:15:10.940000",
"db": "NVD",
"id": "CVE-2022-40227"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"date": "2023-10-23T02:35:00",
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"date": "2022-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-446"
},
{
"date": "2022-10-14T17:07:23.703000",
"db": "NVD",
"id": "CVE-2022-40227"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation vulnerability in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
],
"trust": 0.6
}
}
var-201905-0114
Vulnerability from variot
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). An attacker with network access to affected devices could potentially obtain a TLS session key. If the attacker is able to observe TLS traffic between a legitimate user and the device, then the attacker could decrypt the TLS traffic. The security vulnerability could be exploited by an attacker who has network access to the web interface of the device and who is able to observe TLS traffic between legitimate users and the web interface of the affected device. The vulnerability could impact the confidentiality of the communication between the affected device and a legitimate user. At the time of advisory publication no public exploitation of the security vulnerability was known. plural SIMATIC The product contains cryptographic vulnerabilities.Information may be obtained. Multiple Siemens Products are prone to following security vulnerabilities: 1. An information-disclosure vulnerability 2. A cross-site-scripting vulnerability 3. A security vulnerability An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC, etc. are all products of Siemens (Siemens) in Germany. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Siemens SIMATIC HMI Comfort Panels is a touch panel device. Siemens SIMATIC HMI Comfort Outdoor Panels is a touch panel device specially designed for outdoor use
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi comfort outdoor panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi mp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi op",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi tp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v15.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v15"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic hmi classic devices",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime professional update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v15.11"
},
{
"model": "simatic wincc runtime advanced update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
},
{
"model": "simatic wincc update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v15.11"
},
{
"model": "simatic hmi ktp mobile update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
},
{
"model": "simatic hmi comfort panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
},
{
"model": "simatic hmi comfort outdoor panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "15.11"
}
],
"sources": [
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004633"
},
{
"db": "NVD",
"id": "CVE-2019-6576"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_outdoor_panels_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:wincc_runtime_advanced",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_runtime_professional",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004633"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens ProductCERT reported these vulnerabilities to NCCIC.,Siemens ProductCERT",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-589"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6576",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6576",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158011",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6576",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6576",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6576",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-589",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158011",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158011"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004633"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-589"
},
{
"db": "NVD",
"id": "CVE-2019-6576"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions \u003c V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (All versions \u003c V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions \u003c V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions \u003c V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions \u003c V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). An attacker with network access to affected devices could potentially obtain a TLS session key. If the attacker is able to observe TLS traffic between a legitimate user and the device, then the attacker could decrypt the TLS traffic. The security vulnerability could be exploited by an attacker who has network access to the web interface of the device and who is able to observe TLS traffic between legitimate users and the web interface of the affected device. The vulnerability could impact the confidentiality of the communication between the affected device and a legitimate user. At the time of advisory publication no public exploitation of the security vulnerability was known. plural SIMATIC The product contains cryptographic vulnerabilities.Information may be obtained. Multiple Siemens Products are prone to following security vulnerabilities:\n1. An information-disclosure vulnerability\n2. A cross-site-scripting vulnerability\n3. A security vulnerability\nAn attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC, etc. are all products of Siemens (Siemens) in Germany. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Siemens SIMATIC HMI Comfort Panels is a touch panel device. Siemens SIMATIC HMI Comfort Outdoor Panels is a touch panel device specially designed for outdoor use",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6576"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004633"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "VULHUB",
"id": "VHN-158011"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-134-09",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2019-6576",
"trust": 2.8
},
{
"db": "BID",
"id": "108412",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-804486",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004633",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-589",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-134-02",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1716.2",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-54366",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-158011",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158011"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004633"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-589"
},
{
"db": "NVD",
"id": "CVE-2019-6576"
}
]
},
"id": "VAR-201905-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158011"
}
],
"trust": 0.7545892989999999
},
"last_update_date": "2024-11-23T21:37:16.690000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-804486",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
},
{
"title": "Siemens SIMATIC Panels and WinCC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92739"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004633"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-589"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158011"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004633"
},
{
"db": "NVD",
"id": "CVE-2019-6576"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108412"
},
{
"trust": 1.9,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-134-09"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6576"
},
{
"trust": 0.9,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-134-09"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6576"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-wincc-multiple-vulnerabilities-29288"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80946"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158011"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004633"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-589"
},
{
"db": "NVD",
"id": "CVE-2019-6576"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158011"
},
{
"db": "BID",
"id": "108412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004633"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-589"
},
{
"db": "NVD",
"id": "CVE-2019-6576"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-158011"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108412"
},
{
"date": "2019-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004633"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-589"
},
{
"date": "2019-05-14T20:29:04.560000",
"db": "NVD",
"id": "CVE-2019-6576"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-158011"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108412"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004633"
},
{
"date": "2019-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-589"
},
{
"date": "2024-11-21T04:46:44.130000",
"db": "NVD",
"id": "CVE-2019-6576"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-589"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SIMATIC Cryptographic vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004633"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-589"
}
],
"trust": 0.6
}
}
var-201910-1595
Vulnerability from variot
Affected devices improperly handle large amounts of specially crafted UDP packets.
This could allow an unauthenticated remote attacker to trigger a denial of service condition. Several Siemens products are vulnerable to resource exhaustion.Denial of service (DoS) May be in a state. Siemens SIMATIC CFU PA and so on are the products of Germany's Siemens company. Siemens SIMATIC CFU PA is a compact field device. SIMATIC ET 200AL is a distributed I / O system module. SIMATIC ET 200M is a modular I / O system module for control cabinets for high density channel applications. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.3.0), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < 4.8), SINAMICS G150 (Control Unit) (All versions < 4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions < 4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions < V4.7 HF33), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. The following products and versions are affected: Siemens SIMATIC S7-1500 CPU series (including: related ET200 CPUs and SIPLUS variants); SIMATIC S7-1500 Software Controller; SIMATIC TDC CP51M1; SIMATIC TDC CPU555; SINAMICS DCM, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1595",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic cfu pa",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "1.2.0"
},
{
"model": "simatic profinet driver",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "dk standard ethernet controller",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200al",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200m",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200s",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "sinumerik 828d",
"version": "4.8"
},
{
"model": "simatic s7-400 dp v7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-300 cpu 314",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic hmi comfort panels 22\\\"",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics gl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic et 200sp im 155-6 pn hs",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinumerik 828d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-1500 cpu 1512c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "sinumerik 840d sl",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics g130",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "simatic s7-1500t cpu",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "simatic et 200sp im 155-6 pn\\/3 hf",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.1"
},
{
"model": "sinamics dcm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "ek-ertec 200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200s",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic pn\\/pn coupler",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.1"
},
{
"model": "simatic s7-1200 cpu 1214c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.0"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "simatic s7-400 v6",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0.9"
},
{
"model": "sinamics g110m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic s7-300 cpu 315",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinumerik 828d",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic et 200ecopn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200sp im 155-6 pn st",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200sp im 155-6 pn\\/2 hf",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.2"
},
{
"model": "sinamics s110",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics sl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic s7-1200 cpu 1212c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.0"
},
{
"model": "simatic et 200mp im 155-5 pn hf",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.0"
},
{
"model": "simatic s7-300 cpu 313",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic s7-300 cpu 318-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic s7-300 cpu 312 ifm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinamics s150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "simatic et 200pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.0"
},
{
"model": "sinamics g110m",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic et 200sp im 155-6 pn ba",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-410 v8",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.2.2"
},
{
"model": "simatic et 200mp im 155-5 pn ba",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3.0"
},
{
"model": "simatic s7-300 cpu 316-2 dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinamics gm150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic hmi comfort panels 4\\\"",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic s7-300 cpu",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic winac rtx \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "ek-ertec 200p",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "simatic et 200m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-300 cpu 314 ifm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "dk standard ethernet controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1500 cpu 1511c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic s7-300 cpu 315-2 dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ek-ertec 200p",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "simatic hmi comfort outdoor panels 7\\\"",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1500 cpu 1518",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "sinamics gm150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic winac rtx \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "sinamics dcp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-400 pn v7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200sp im 155-6 pn ha",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1500s cpu",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic s7-400h v6",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0.9"
},
{
"model": "sinamics g120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic et 200al",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics g150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "simatic et 200sp im 155-6 pn hf",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2.2"
},
{
"model": "simatic et 200mp im 155-5 pn st",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics dcm",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "simatic hmi comfort outdoor panels 15\\\"",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1211c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.0"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "simatic s7-1500 cpu",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "ek-ertec 200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec 200p p",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cfu pa",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200mp im 155-5 pn ba",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200mp im 155-5 pn hf",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200mp im 155-5 pn st",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1200 cpu family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "200"
},
{
"model": "ek-ertec 200p",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200mp im pn ba",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "155-5\u003c4.2.3"
},
{
"model": "simatic et 200mp im pn hf",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "155-5"
},
{
"model": "simatic et 200mp im pn st",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "155-5"
},
{
"model": "simatic et 200sp im pn ba",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "155-6"
},
{
"model": "simatic et 200sp im pn ha",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "155-6"
},
{
"model": "simatic et 200sp im pn hf",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "155-6\u003c4.2.2"
},
{
"model": "simatic et 200sp im pn hs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "155-6"
},
{
"model": "simatic et 200sp im pn st",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "155-6"
},
{
"model": "simatic et 200sp im pn/2 hf",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "155-6\u003c4.2.2"
},
{
"model": "simatic et 200sp im pn/3 hf",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "155-6\u003c4.2.1"
},
{
"model": "simatic et 200ecopn",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200pro",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort outdoor panels 7\" \u0026 15\"",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels 4\" 22\"",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pn/pn coupler",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 cpu family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-300 cpu family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400 pn/dp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v7"
},
{
"model": "simatic s7-400 and below",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v6"
},
{
"model": "simatic s7-400h",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v6\u003c6.0.9"
},
{
"model": "simatic s7-410",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v8"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "sinamics dcm",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics dcp",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g110m sp10 hf5",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7\u003cv4.7"
},
{
"model": "sinamics g120 sp10 hf5",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7\u003cv4.7"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics g150",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics gh150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics gm150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics s110",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics s150",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinumerik 828d sp5",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.8"
},
{
"model": "sinumerik 840d sl",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dk standard ethernet controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200sp im 155 6 pn ba",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200sp im 155 6 pn ha",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200sp im 155 6 pn hf",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200sp im 155 6 pn hs",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200sp im 155 6 pn st",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200sp im 155 6 pn 2 hf",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200sp im 155 6 pn 3 hf",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200ecopn",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort outdoor panels 7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort outdoor panels 15",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort panels 4",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort panels 22",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pn pn coupler",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic profinet driver",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1200 cpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1200 cpu 1211c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1200 cpu 1212c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200p",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1200 cpu 1214c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 cpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500s cpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500t cpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 cpu 1518",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 cpu 1511c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 cpu 1512c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 312 ifm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 313",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cfu pa",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 314",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 314 ifm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 315",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 315 2 dp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 316 2 dp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 318 2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 pn v7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 dp v7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 v6",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400h v6",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200al",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 410 v8",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx f 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcm",
"version": "1.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g110m",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g130",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics gl150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics gm150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200m",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s110",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics sl150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics sm120",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinumerik 828d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinumerik 840d sl",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200mp im 155 5 pn ba",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200mp im 155 5 pn hf",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200mp im 155 5 pn st",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ea2714fa-253a-4380-82d5-35652a5540fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-36853"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010605"
},
{
"db": "NVD",
"id": "CVE-2019-10936"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:dk_standard_ethernet_controller_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ek-ertec_200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ek-ertec_200p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cfu_pa_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200al_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200mp_im_155-5_pn_ba_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200mp_im_155-5_pn_hf_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200mp_im_155-5_pn_st_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200s_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010605"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-639"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10936",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-10936",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-36853",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "ea2714fa-253a-4380-82d5-35652a5540fb",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-142532",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-10936",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10936",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10936",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2019-10936",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-10936",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-36853",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-639",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ea2714fa-253a-4380-82d5-35652a5540fb",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142532",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ea2714fa-253a-4380-82d5-35652a5540fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-36853"
},
{
"db": "VULHUB",
"id": "VHN-142532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010605"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-639"
},
{
"db": "NVD",
"id": "CVE-2019-10936"
},
{
"db": "NVD",
"id": "CVE-2019-10936"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Affected devices improperly handle large amounts of specially crafted UDP packets. \r\n\r\nThis could allow an unauthenticated remote attacker to trigger a denial of service condition. Several Siemens products are vulnerable to resource exhaustion.Denial of service (DoS) May be in a state. Siemens SIMATIC CFU PA and so on are the products of Germany\u0027s Siemens company. Siemens SIMATIC CFU PA is a compact field device. SIMATIC ET 200AL is a distributed I / O system module. SIMATIC ET 200M is a modular I / O system module for control cabinets for high density channel applications. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions \u003c V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions \u003c V4.3.0), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions \u003c V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions \u003c V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions \u003c V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions \u003c V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions \u003c V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions \u003c V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions \u003c SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions \u003c V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions \u003c V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions \u003c V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions \u003c 4.8), SINAMICS G150 (Control Unit) (All versions \u003c 4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions \u003c 4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions \u003c V4.7 HF33), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions \u003c V4.8 SP5), SINUMERIK 840D sl (All versions). The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. The following products and versions are affected: Siemens SIMATIC S7-1500 CPU series (including: related ET200 CPUs and SIPLUS variants); SIMATIC S7-1500 Software Controller; SIMATIC TDC CP51M1; SIMATIC TDC CPU555; SINAMICS DCM, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10936"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010605"
},
{
"db": "CNVD",
"id": "CNVD-2019-36853"
},
{
"db": "IVD",
"id": "ea2714fa-253a-4380-82d5-35652a5540fb"
},
{
"db": "VULHUB",
"id": "VHN-142532"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10936",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-473245",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-283-02",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201910-639",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-36853",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010605",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.3813",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3813.3",
"trust": 0.6
},
{
"db": "IVD",
"id": "EA2714FA-253A-4380-82D5-35652A5540FB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-142532",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ea2714fa-253a-4380-82d5-35652a5540fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-36853"
},
{
"db": "VULHUB",
"id": "VHN-142532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010605"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-639"
},
{
"db": "NVD",
"id": "CVE-2019-10936"
}
]
},
"id": "VAR-201910-1595",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ea2714fa-253a-4380-82d5-35652a5540fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-36853"
},
{
"db": "VULHUB",
"id": "VHN-142532"
}
],
"trust": 1.6334674204444446
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ea2714fa-253a-4380-82d5-35652a5540fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-36853"
}
]
},
"last_update_date": "2024-11-23T22:58:29.466000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-473245",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
},
{
"title": "Patch for Multiple Siemens Product Denial of Service Vulnerabilities (CNVD-2019-36853)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186551"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36853"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010605"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010605"
},
{
"db": "NVD",
"id": "CVE-2019-10936"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-283-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10936"
},
{
"trust": 1.2,
"url": "https://vigilance.fr/vulnerability/simatic-denial-of-service-via-profinet-udp-packets-30562"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10936"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3813/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-283-02"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3813.3/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36853"
},
{
"db": "VULHUB",
"id": "VHN-142532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010605"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-639"
},
{
"db": "NVD",
"id": "CVE-2019-10936"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ea2714fa-253a-4380-82d5-35652a5540fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-36853"
},
{
"db": "VULHUB",
"id": "VHN-142532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010605"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-639"
},
{
"db": "NVD",
"id": "CVE-2019-10936"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "IVD",
"id": "ea2714fa-253a-4380-82d5-35652a5540fb"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36853"
},
{
"date": "2019-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-142532"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010605"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-639"
},
{
"date": "2019-10-10T14:15:14.707000",
"db": "NVD",
"id": "CVE-2019-10936"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36853"
},
{
"date": "2023-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-142532"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010605"
},
{
"date": "2023-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-639"
},
{
"date": "2024-11-21T04:20:11.257000",
"db": "NVD",
"id": "CVE-2019-10936"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-639"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Siemens products vulnerable to resource depletion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010605"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "ea2714fa-253a-4380-82d5-35652a5540fb"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-639"
}
],
"trust": 0.8
}
}
var-201904-0174
Vulnerability from variot
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device.
The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensCP, SIAMTIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. Multiple Siemens products are prone to an unspecified denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. CP1616 is a communications processor. SIMATIC S7-1500 is a programmable logic controller. The vulnerability stems from the failure of the network system or product to properly validate the input data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinamics s210",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinamics sm120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-plcsim advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic ipc diagmonitor",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1.3"
},
{
"model": "simatic s7-1500s",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "sinamics gh150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic wincc runtime advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinamics gl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-400 pn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simocode pro v pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.3"
},
{
"model": "sinamics gm150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic s7-1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "simatic cp443-1 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sitop manager",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "sinamics g130",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "cp1604",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "sinamics s120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "sitop psu8600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic cp443-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simocode pro v eip",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.3"
},
{
"model": "simatic s7-plcsim advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic s7-400 pn\\/dp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sitop ups1600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "simatic s7-1500 software controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "sinamics sm150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic rf182c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf600r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1"
},
{
"model": "cp1616",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic teleservice adapter ie standard",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.0"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic teleservice adapter ie basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinamics gm150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-1500t",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic s7-300",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinamics gh150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.0"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.6"
},
{
"model": "sinamics g150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "sinamics s150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic winac rtx",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "sinamics sl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic cp443-1 opc ua",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics sm150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic rf181-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "tim 1531 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "simatic s7-1500f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "simatic cp343-1 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics s210",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 1543sp-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1604",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1616",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 343-1 advanced",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1 adv",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc2",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf185c",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "sinamics s150",
"version": "5.1"
},
{
"model": "simatic winac rtx sp2 all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic s7-300 cpu family all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400 pn/dp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v7"
},
{
"model": "simatic s7-1500 software controller",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s120",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g130 and g150",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf182c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp443-1 opc ua",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic ipc diagmonitor",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf188c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf600r",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp1604",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp1616",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et sp open controller cpu 1515sp pc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "200\u003cv2.1.6"
},
{
"model": "simatic hmi comfort panels 4\" 22\"",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 cpu family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400 pn",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v6"
},
{
"model": "sinamics s150",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s210",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.1"
},
{
"model": "sinamics s210 sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.1"
},
{
"model": "tim irc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1531"
},
{
"model": "simatic hmi comfort outdoor panels 7\" \u0026 15\"",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf181-eip",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf186c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-plcsim advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie basic",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie standard",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simocode pro eip",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v"
},
{
"model": "simocode pro pn",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v"
},
{
"model": "sitop manager",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sitop psu8600",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sitop ups1600",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siamtic rf185c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp343-1 advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp443-1",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp443-1 advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et sp open controller cpu 1515sp pc2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "200"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "sinamics s210",
"version": "5.1"
},
{
"model": "tim irc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15310"
},
{
"model": "sitop ups1600",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sitop psu8600",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sitop manager",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinamics s210 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "sinamics s120 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s120 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "sinamics g150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "sinamics g130 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g130 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "simocode pro pn",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v0"
},
{
"model": "simocode pro eip",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v0"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "20100"
},
{
"model": "simatic teleservice adapter ie standard",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic teleservice adapter ie basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-plcsim advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-400 pn/dp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7"
},
{
"model": "simatic s7-400 pn",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v60"
},
{
"model": "simatic s7-300 cpu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-1500 software controller",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-1500 cpu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf600r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf188c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf186c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf185c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf182c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc diagmonitor",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp900f mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp900 mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp700f mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp700 mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp400f mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic et200 open controller cpu 1515sp pc2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic et200 open controller cpu 1515sp pc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic cp opc ua",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "simatic cp advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "simatic cp advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "343-10"
},
{
"model": "rfid 181-eip",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16160"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16040"
},
{
"model": "sinamics s150 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s120 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s120 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g150 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g150 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g130 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g130 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-300 cpu",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v3.x.16"
},
{
"model": "simatic et200 open controller cpu 1515sp pc",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.1.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp1604",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp400f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp700",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp700f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp900",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp900f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp443 1 opc ua",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic ipc diagmonitor",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 plcsim advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitop manager",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf600r",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf188c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf186c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp1616",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf182c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf181 eip",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 pn",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 pn dp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie basic",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie standard",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx 2010",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf185c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simocode pro v eip",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simocode pro v pn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g130",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s210",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitop psu8600",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitop ups1600",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tim 1531 irc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp343 1 advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500t",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp443 1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp443 1 advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200 sp open controller cpu 1515sp pc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200 sp open controller cpu 1515sp pc2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort outdoor panels",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1604_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_1616_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp343-1_advanced_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_adv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_outdoor_panels_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_rf185c_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6568",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6568",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-12904",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158003",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6568",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6568",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6568",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2019-6568",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6568",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-12904",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-458",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158003",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device. \r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensCP, SIAMTIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. Multiple Siemens products are prone to an unspecified denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\", SIMATIC HMI Comfort Panels 4\" - 22\", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. CP1616 is a communications processor. SIMATIC S7-1500 is a programmable logic controller. The vulnerability stems from the failure of the network system or product to properly validate the input data",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "VULHUB",
"id": "VHN-158003"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6568",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-06",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-480230",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-530931",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-227-04",
"trust": 1.4
},
{
"db": "BID",
"id": "107842",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-12904",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.3150",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1204.2",
"trust": 0.6
},
{
"db": "IVD",
"id": "A397CC8B-EE17-4FAF-8447-E9EE5F57DD12",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158003",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"id": "VAR-201904-0174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
}
],
"trust": 1.5998432480392157
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
}
]
},
"last_update_date": "2024-11-23T22:25:58.024000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-480230",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"title": "SSA-530931",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
},
{
"title": "Patches for multiple Siemens product denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/160237"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=91286"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-06"
},
{
"trust": 2.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6568"
},
{
"trust": 0.9,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6568"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3150/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-06"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-099-06"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/107842"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-denial-of-service-via-webserver-28976"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78710"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-05T00:00:00",
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"date": "2019-05-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-158003"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107842"
},
{
"date": "2019-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"date": "2019-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"date": "2019-04-17T14:29:03.683000",
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"date": "2023-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-158003"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107842"
},
{
"date": "2019-08-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"date": "2023-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-458"
},
{
"date": "2024-11-21T04:46:42.773000",
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to input validation in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
],
"trust": 0.6
}
}
var-201812-0344
Vulnerability from variot
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains an open redirect vulnerability.Information may be obtained and information may be altered. Siemens SIMATIC HMI Comfort Panels are all Germany's Siemens (Siemens) company HMI software for control and monitoring of machines and equipment.
The webserver in several Siemens products has an open redirection vulnerability. Siemens SIMATIC Panels is prone to following security vulnerabilities: 1. An open-redirection vulnerability 2. A directory-traversal vulnerability Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0344",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi mp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi op",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort panels",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic wincc \\",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi tp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi classic devices",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort outdoor panels 7\" \u0026 15\" update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic hmi comfort panels 4\"-22\" update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic hmi ktp mobile panels update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic wincc update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic wincc runtime advanced update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic wincc runtime professional update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "154"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic wincc runtime",
"version": "*"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic wincc runtime professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime professional sp1 upd2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime professional sp update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1319"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic wincc runtime advanced sp1 upd2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime advanced sp1 upd5",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v135"
},
{
"model": "simatic wincc sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v12"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v120"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v110"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v15"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v136"
},
{
"model": "simatic wincc sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v10"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "22"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "simatic hmi comfort panels sp1 upd2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic hmi comfort panels sp1 upd5",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi classic devices",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime professional update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic wincc runtime advanced update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic wincc update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic hmi ktp mobile panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic hmi comfort panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic hmi comfort outdoor panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi mp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi op",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort outdoor panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp400f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp700",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp700f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp900",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp900f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi tp",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e30112c1-39ab-11e9-9eae-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24247"
},
{
"db": "BID",
"id": "105922"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014526"
},
{
"db": "NVD",
"id": "CVE-2018-13813"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_outdoor_panels_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:wincc_runtime_advanced",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_runtime_professional",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014526"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hosni Tounsi from Carthage Red Team",
"sources": [
{
"db": "BID",
"id": "105922"
}
],
"trust": 0.3
},
"cve": "CVE-2018-13813",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-13813",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-24247",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e30112c1-39ab-11e9-9eae-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-123910",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-13813",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-13813",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-13813",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-24247",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-483",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e30112c1-39ab-11e9-9eae-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-123910",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e30112c1-39ab-11e9-9eae-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24247"
},
{
"db": "VULHUB",
"id": "VHN-123910"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014526"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-483"
},
{
"db": "NVD",
"id": "CVE-2018-13813"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions \u003c V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (All versions \u003c V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions \u003c V15 Update 4), SIMATIC WinCC Runtime Professional (All versions \u003c V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions \u003c V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains an open redirect vulnerability.Information may be obtained and information may be altered. Siemens SIMATIC HMI Comfort Panels are all Germany\u0027s Siemens (Siemens) company HMI software for control and monitoring of machines and equipment. \n\nThe webserver in several Siemens products has an open redirection vulnerability. Siemens SIMATIC Panels is prone to following security vulnerabilities:\n1. An open-redirection vulnerability\n2. A directory-traversal vulnerability\nRemote attackers may use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files from the affected system in the context of the application or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13813"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014526"
},
{
"db": "CNVD",
"id": "CNVD-2018-24247"
},
{
"db": "BID",
"id": "105922"
},
{
"db": "IVD",
"id": "e30112c1-39ab-11e9-9eae-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-123910"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13813",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-233109",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-317-08",
"trust": 2.3
},
{
"db": "BID",
"id": "105922",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201811-483",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-24247",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014526",
"trust": 0.8
},
{
"db": "IVD",
"id": "E30112C1-39AB-11E9-9EAE-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-123910",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e30112c1-39ab-11e9-9eae-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24247"
},
{
"db": "VULHUB",
"id": "VHN-123910"
},
{
"db": "BID",
"id": "105922"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014526"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-483"
},
{
"db": "NVD",
"id": "CVE-2018-13813"
}
]
},
"id": "VAR-201812-0344",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e30112c1-39ab-11e9-9eae-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24247"
},
{
"db": "VULHUB",
"id": "VHN-123910"
}
],
"trust": 1.59438617
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e30112c1-39ab-11e9-9eae-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24247"
}
]
},
"last_update_date": "2024-11-23T22:17:14.847000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-233109",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
},
{
"title": "Patch for Multiple Siemens products open redirection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/176377"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86884"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014526"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-483"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123910"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014526"
},
{
"db": "NVD",
"id": "CVE-2018-13813"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
},
{
"trust": 2.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-317-08"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105922"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13813"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13813"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24247"
},
{
"db": "VULHUB",
"id": "VHN-123910"
},
{
"db": "BID",
"id": "105922"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014526"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-483"
},
{
"db": "NVD",
"id": "CVE-2018-13813"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e30112c1-39ab-11e9-9eae-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24247"
},
{
"db": "VULHUB",
"id": "VHN-123910"
},
{
"db": "BID",
"id": "105922"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014526"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-483"
},
{
"db": "NVD",
"id": "CVE-2018-13813"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-29T00:00:00",
"db": "IVD",
"id": "e30112c1-39ab-11e9-9eae-000c29342cb1"
},
{
"date": "2018-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24247"
},
{
"date": "2018-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-123910"
},
{
"date": "2018-11-14T00:00:00",
"db": "BID",
"id": "105922"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014526"
},
{
"date": "2018-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-483"
},
{
"date": "2018-12-13T16:29:00.320000",
"db": "NVD",
"id": "CVE-2018-13813"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24247"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-123910"
},
{
"date": "2018-11-14T00:00:00",
"db": "BID",
"id": "105922"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014526"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-483"
},
{
"date": "2024-11-21T03:48:07.380000",
"db": "NVD",
"id": "CVE-2018-13813"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-483"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SIMATIC Open redirect vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014526"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "e30112c1-39ab-11e9-9eae-000c29342cb1"
},
{
"db": "BID",
"id": "105922"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-483"
}
],
"trust": 1.1
}
}
var-201812-0345
Vulnerability from variot
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal) are products of Siemens AG, Germany. Siemens SIMATIC Panels is a human interface panel. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A code injection vulnerability exists in Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal), which can be exploited by an attacker to inject HTTP headers with malicious links. Multiple Siemens Products are prone to an HTTP header-injection vulnerability because it fails to sufficiently sanitize user input. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0345",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic hmi mp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi op",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic wincc \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic wincc runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic hmi tp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels 4\" 22\"",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "-\u003c14"
},
{
"model": "simatic hmi comfort outdoor panels 7\\\" and 15\\\"",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime advanced",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic wincc runtime",
"version": "*"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v120"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v110"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v10"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "22"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi classic devices",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime professional",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime advanced",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v14"
},
{
"model": "simatic wincc",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v14"
},
{
"model": "simatic hmi ktp mobile panels update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "154"
},
{
"model": "simatic hmi comfort panels",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi mp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi op",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort outdoor panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp400f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp700",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp700f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp900",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp900f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi tp",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d80ae62-463f-11e9-b905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25432"
},
{
"db": "BID",
"id": "105931"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014527"
},
{
"db": "NVD",
"id": "CVE-2018-13814"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_outdoor_panels_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:wincc_runtime_advanced",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_runtime_professional",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014527"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "105931"
}
],
"trust": 0.3
},
"cve": "CVE-2018-13814",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-13814",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-25432",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d80ae62-463f-11e9-b905-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-123911",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-13814",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-13814",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-13814",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-25432",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-488",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d80ae62-463f-11e9-b905-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-123911",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d80ae62-463f-11e9-b905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25432"
},
{
"db": "VULHUB",
"id": "VHN-123911"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014527"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-488"
},
{
"db": "NVD",
"id": "CVE-2018-13814"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions \u003c V14), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (All versions \u003c V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V14), SIMATIC WinCC Runtime Advanced (All versions \u003c V14), SIMATIC WinCC Runtime Professional (All versions \u003c V14), SIMATIC WinCC (TIA Portal) (All versions \u003c V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal) are products of Siemens AG, Germany. Siemens SIMATIC Panels is a human interface panel. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A code injection vulnerability exists in Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal), which can be exploited by an attacker to inject HTTP headers with malicious links. Multiple Siemens Products are prone to an HTTP header-injection vulnerability because it fails to sufficiently sanitize user input. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13814"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014527"
},
{
"db": "CNVD",
"id": "CNVD-2018-25432"
},
{
"db": "BID",
"id": "105931"
},
{
"db": "IVD",
"id": "7d80ae62-463f-11e9-b905-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-123911"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13814",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-317-03",
"trust": 2.3
},
{
"db": "BID",
"id": "105931",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-944083",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201811-488",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-25432",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014527",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D80AE62-463F-11E9-B905-000C29342CB1",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-98853",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-123911",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d80ae62-463f-11e9-b905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25432"
},
{
"db": "VULHUB",
"id": "VHN-123911"
},
{
"db": "BID",
"id": "105931"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014527"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-488"
},
{
"db": "NVD",
"id": "CVE-2018-13814"
}
]
},
"id": "VAR-201812-0345",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d80ae62-463f-11e9-b905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25432"
},
{
"db": "VULHUB",
"id": "VHN-123911"
}
],
"trust": 1.53959078625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d80ae62-463f-11e9-b905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25432"
}
]
},
"last_update_date": "2024-11-23T22:34:04.145000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-944083",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf"
},
{
"title": "Patch for Siemens SIMATIC Panels and SIMATIC WinCC code injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/147353"
},
{
"title": "Siemens SIMATIC Panels and SIMATIC WinCC Fixes for code injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86889"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-25432"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014527"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-488"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-113",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123911"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014527"
},
{
"db": "NVD",
"id": "CVE-2018-13814"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-317-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105931"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13814"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13814"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-25432"
},
{
"db": "VULHUB",
"id": "VHN-123911"
},
{
"db": "BID",
"id": "105931"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014527"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-488"
},
{
"db": "NVD",
"id": "CVE-2018-13814"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d80ae62-463f-11e9-b905-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25432"
},
{
"db": "VULHUB",
"id": "VHN-123911"
},
{
"db": "BID",
"id": "105931"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014527"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-488"
},
{
"db": "NVD",
"id": "CVE-2018-13814"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-14T00:00:00",
"db": "IVD",
"id": "7d80ae62-463f-11e9-b905-000c29342cb1"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-25432"
},
{
"date": "2018-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-123911"
},
{
"date": "2018-11-13T00:00:00",
"db": "BID",
"id": "105931"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014527"
},
{
"date": "2018-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-488"
},
{
"date": "2018-12-13T16:29:00.350000",
"db": "NVD",
"id": "CVE-2018-13814"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-25432"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-123911"
},
{
"date": "2018-11-13T00:00:00",
"db": "BID",
"id": "105931"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014527"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-488"
},
{
"date": "2024-11-21T03:48:07.560000",
"db": "NVD",
"id": "CVE-2018-13814"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-488"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC Panels and SIMATIC WinCC code injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-25432"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-488"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "7d80ae62-463f-11e9-b905-000c29342cb1"
},
{
"db": "BID",
"id": "105931"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-488"
}
],
"trust": 1.1
}
}
var-202103-1464
Vulnerability from variot
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:
Openshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:
See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.5/html/serverless_applications/index
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fix:
-
RHACM 2.0.10 images (BZ #1940452)
-
Bugs fixed (https://bugzilla.redhat.com/):
1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function
- ========================================================================== Ubuntu Security Notice USN-4891-1 March 25, 2021
openssl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
OpenSSL could be made to crash or run programs if it received specially crafted network traffic. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.3
Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.3
Ubuntu 18.04 LTS: libssl1.1 1.1.1-1ubuntu2.1~18.04.9
After a standard system update you need to reboot your computer to make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Package List:
Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update Advisory ID: RHSA-2021:1200-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:1200 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es):
-
openssl: NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
-
openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
- Bugs fixed (https://bugzilla.redhat.com/):
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
- References:
https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO 24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal CYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe VG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK 8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp uYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE Z7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB hz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb a+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT Wg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K x0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy CkeZnyNSON8=u60F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.1.2"
},
{
"model": "mysql workbench",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "simatic cloud connect 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "cloud volumes ontap mediator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic net cp 1543sp-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "simatic pdm",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "9.1.0.7"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.1"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "sma100",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.0"
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "scalance s627-2m",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "scalance xp-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "simatic process historian opc ua server",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2019"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "scalance xr524-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "tenable.sc",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "simatic rf188ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp 1243-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "simatic rf185c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "mysql connectors",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "simatic net cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "tim 1531 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.24.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.33"
},
{
"model": "scalance xr-300wg",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "sma100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.0-17sv"
},
{
"model": "simatic s7-1200 cpu 1217c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics connect 300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.12.0"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "scalance xm-400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "simatic net cp1243-7 lte eu",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "communications communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0.0.0"
},
{
"model": "simatic rf360r",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1214c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s615",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "simatic mv500",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1212fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinec pni",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xf-200ba",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.0"
},
{
"model": "simatic rf188c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "simatic s7-1200 cpu 1211c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nessus",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.13.1"
},
{
"model": "enterprise manager for storage management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "scalance w700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.5"
},
{
"model": "e-series performance analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance xr552-12",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "simatic net cp1243-7 lte us",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.3.5"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.17.0"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1k"
},
{
"model": "simatic rf166c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "scalance xc-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "simatic s7-1200 cpu 1215c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "scalance xr526-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.14.0"
},
{
"model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "tim 1531 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0.2"
},
{
"model": "secure backup",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1.0.1.0"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.0"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "scalance sc-600",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic pcs 7 telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1215 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.22.1"
},
{
"model": "simatic rf186ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "simatic net cp 1542sp-1 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "capture client",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "3.5"
},
{
"model": "simatic logon",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6.0.2"
},
{
"model": "simatic wincc telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sonicos",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.0.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s623",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "scalance lpe9403",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1214 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "scalance m-800",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic rf186c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.16.1"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "scalance s612",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic s7-1200 cpu 1212c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "scalance xr528-6m",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "tia administrator",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinec nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic logon",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "12.2"
},
{
"model": "sinumerik opc ua server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance xb-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance s602",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "ruggedcom rcm1224",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.13.0"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "simatic net cp 1545-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic cloud connect 7",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.0.0"
},
{
"model": "simatic net cp 1243-8 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "scalance w1700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "simatic net cp 1543-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "hitachi ops center analyzer viewpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "storagegrid",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "quantum security gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
"version": null
},
{
"model": "tenable.sc",
"scope": null,
"trust": 0.8,
"vendor": "tenable",
"version": null
},
{
"model": "nessus",
"scope": null,
"trust": 0.8,
"vendor": "tenable",
"version": null
},
{
"model": "oncommand workflow automation",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "freebsd",
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": "hitachi ops center common services",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "santricity smi-s provider",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "mcafee web gateway \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30ab\u30d5\u30a3\u30fc",
"version": null
},
{
"model": "e-series performance analyzer",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "jp1/file transmission server/ftp",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "quantum security management",
"scope": null,
"trust": 0.8,
"vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
"version": null
},
{
"model": "openssl",
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": "cloud volumes ontap \u30e1\u30c7\u30a3\u30a8\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "jp1/base",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "web gateway cloud service",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30ab\u30d5\u30a3\u30fc",
"version": null
},
{
"model": "multi-domain management",
"scope": null,
"trust": 0.8,
"vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162076"
},
{
"db": "PACKETSTORM",
"id": "162013"
},
{
"db": "PACKETSTORM",
"id": "162200"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "162189"
}
],
"trust": 0.8
},
"cve": "CVE-2021-3449",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-3449",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-388130",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-3449",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-3449",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3449",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-3449",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-388130",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:\n\nOpenshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless\nOperator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:\n\nSee the documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.5/html/serverless_applications/index\n\n4. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.0.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. ==========================================================================\nUbuntu Security Notice USN-4891-1\nMarch 25, 2021\n\nopenssl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash or run programs if it received specially\ncrafted network traffic. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service, or possibly execute\narbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libssl1.1 1.1.1f-1ubuntu4.3\n\nUbuntu 20.04 LTS:\n libssl1.1 1.1.1f-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n libssl1.1 1.1.1-1ubuntu2.1~18.04.9\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update\nAdvisory ID: RHSA-2021:1200-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1200\nIssue date: 2021-04-14\nCVE Names: CVE-2021-3449 CVE-2021-3450\n====================================================================\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 6 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity fix(es):\n\n* openssl: NULL pointer deref in signature_algorithms processing\n(CVE-2021-3449)\n\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO\n24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal\nCYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe\nVG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK\n8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp\nuYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE\nZ7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB\nhz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb\na+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT\nWg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K\nx0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy\nCkeZnyNSON8=u60F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3449"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162076"
},
{
"db": "PACKETSTORM",
"id": "161984"
},
{
"db": "PACKETSTORM",
"id": "162013"
},
{
"db": "PACKETSTORM",
"id": "162200"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "162189"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3449",
"trust": 2.8
},
{
"db": "TENABLE",
"id": "TNS-2021-06",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-09",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-05",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/2",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/4",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/1",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-772220",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA44845",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10356",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU92126369",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162197",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162076",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162013",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162383",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162189",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161984",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162200",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162041",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162337",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162196",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162201",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162307",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-99170",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-388130",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162694",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162076"
},
{
"db": "PACKETSTORM",
"id": "161984"
},
{
"db": "PACKETSTORM",
"id": "162013"
},
{
"db": "PACKETSTORM",
"id": "162200"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "162189"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"id": "VAR-202103-1464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
}
],
"trust": 0.6742040990624999
},
"last_update_date": "2024-11-29T22:12:22.747000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2021-119 Software product security information",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-4875"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845"
},
{
"trust": 1.1,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-06"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"trust": 1.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92126369/"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3115"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2021"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27152"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1448"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1063"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.3"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4891-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1024"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1195"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162076"
},
{
"db": "PACKETSTORM",
"id": "161984"
},
{
"db": "PACKETSTORM",
"id": "162013"
},
{
"db": "PACKETSTORM",
"id": "162200"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "162189"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162076"
},
{
"db": "PACKETSTORM",
"id": "161984"
},
{
"db": "PACKETSTORM",
"id": "162013"
},
{
"db": "PACKETSTORM",
"id": "162200"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "162189"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2021-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"date": "2021-05-19T14:19:18",
"db": "PACKETSTORM",
"id": "162694"
},
{
"date": "2021-06-23T15:44:15",
"db": "PACKETSTORM",
"id": "163257"
},
{
"date": "2021-04-29T14:37:49",
"db": "PACKETSTORM",
"id": "162383"
},
{
"date": "2021-04-05T15:16:03",
"db": "PACKETSTORM",
"id": "162076"
},
{
"date": "2021-03-26T14:15:18",
"db": "PACKETSTORM",
"id": "161984"
},
{
"date": "2021-03-30T14:07:13",
"db": "PACKETSTORM",
"id": "162013"
},
{
"date": "2021-04-15T13:50:30",
"db": "PACKETSTORM",
"id": "162200"
},
{
"date": "2021-04-15T13:50:04",
"db": "PACKETSTORM",
"id": "162197"
},
{
"date": "2021-04-14T16:50:04",
"db": "PACKETSTORM",
"id": "162189"
},
{
"date": "2021-03-25T15:15:13.450000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2021-09-13T07:43:00",
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"date": "2024-11-21T06:21:33.050000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "161984"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "162383"
}
],
"trust": 0.2
}
}
cve-2019-10936
Vulnerability from cvelistv5
Published
2019-10-10 00:00
Modified
2024-08-04 22:40
Severity ?
EPSS score ?
Summary
Affected devices improperly handle large amounts of specially crafted UDP packets.
This could allow an unauthenticated remote attacker to trigger a denial of service condition.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dk_standard_ethernet_controller_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ek-ertec_200_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ek-ertec_200_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ek-ertec_200p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ek-ertec_200p_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_cfu_pa:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_cfu_pa",
"vendor": "siemens",
"versions": [
{
"lessThan": "v1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et200ecopn_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et200ecopn_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et200s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et200s_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200al_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200al_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200m_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200m_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200mp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200mp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200pro_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200pro_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200s_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200sp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200sp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_hmi_comfort_outdoor_panels",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_profinet_driver:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_profinet_driver",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_314_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_315-2_dp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_dp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_315f-2_dp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_317-2_dp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn\\/dp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_317-2_pn\\/dp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_319-3_pn\\/dp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2_pn:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-400_cpu_412-2_pn",
"vendor": "siemens",
"versions": [
{
"lessThan": "v7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\\/dp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-400_cpu_414-3_pn\\/dp",
"vendor": "siemens",
"versions": [
{
"lessThan": "v7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\\/dp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-400_cpu_416-3_pn\\/dp",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "v7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-400_h_v6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-400_h_v6_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "v6.0.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_v6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-400_pn\\/dp_v6_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-410_cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-410_cpu_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v8.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-1200_cpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-1200_cpu",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-1500_cpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-1500_cpu",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-1500_controller:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-1500_controller",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_tdc_cp51m1_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v1.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_tdc_cpu555_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v1.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:simatic_winac_rtx_2010:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_winac_rtx_2010",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2010_sp3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_winac_rtx_\\(f\\)_2010",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2010_sp3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_dcm",
"vendor": "siemens",
"versions": [
{
"lessThan": "v1.5_hf1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_dcp",
"vendor": "siemens",
"versions": [
{
"lessThan": "v1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_g110m",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.7_sp10_hf5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_g120:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_g120",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.7_sp10_hf5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_g130",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_g150",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_gh150",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_gl150",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_gm150",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_s110:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_s110",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_s120",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_sl150",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_sl150",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.7_hf33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_sm120",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinumerik_828d",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.8_sp5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinumerik_840d_sl",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.8_sp6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:siplus_s7-300_cpu_314:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "siplus_s7-300_cpu_314",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.3.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-10936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T14:36:59.481395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T15:59:12.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.6 Patch 01"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CFU PA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200AL IM 157-1 PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200M (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-3 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-4 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-8FX PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200S IM 151-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200S IM 151-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN/2 HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN/3 HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN: IO-Link Master",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200S (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Comfort Outdoor Panels (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI KTP Mobile Panels",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PN/PN Coupler",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PROFINET Driver",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.4.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 319-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 412-2 PN V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 414-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 414F-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 416-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 416F-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.0.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.2.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC TDC CP51M1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC TDC CPU555",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX F 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.5 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G110M V4.7 PN Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP10 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP10 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 4.8"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 4.8"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GH150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GL150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GM150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S110 Control Unit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 4.8"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SL150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF33"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SM120 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 828D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 840D sl",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200S IM 151-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200S IM 151-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET PN/PN Coupler",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 315-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 317-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Affected devices improperly handle large amounts of specially crafted UDP packets.\r\n\r\nThis could allow an unauthenticated remote attacker to trigger a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:03:55.957Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10936",
"datePublished": "2019-10-10T00:00:00",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19276
Vulnerability from cvelistv5
Published
2021-05-12 13:18
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) |
Version: All versions < V16 Update 4 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
},
{
"product": "SIMATIC HMI KTP Mobile Panels",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions \u003c V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-12T13:18:21",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-19276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions \u003c V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-19276",
"datePublished": "2021-05-12T13:18:21",
"dateReserved": "2019-11-26T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40227
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC HMI Comfort Panels (incl. SIPLUS variants) |
Version: All versions < V17 Update 4 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-384224.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 4"
}
]
},
{
"product": "SIMATIC HMI KTP Mobile Panels",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 4"
}
]
},
{
"product": "SIMATIC HMI KTP1200 Basic",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 5"
}
]
},
{
"product": "SIMATIC HMI KTP400 Basic",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 5"
}
]
},
{
"product": "SIMATIC HMI KTP700 Basic",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 5"
}
]
},
{
"product": "SIMATIC HMI KTP900 Basic",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 5"
}
]
},
{
"product": "SIPLUS HMI KTP1200 BASIC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 5"
}
]
},
{
"product": "SIPLUS HMI KTP400 BASIC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 5"
}
]
},
{
"product": "SIPLUS HMI KTP700 BASIC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 5"
}
]
},
{
"product": "SIPLUS HMI KTP900 BASIC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions \u003c V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions \u003c V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions \u003c V17 Update 5), SIMATIC HMI KTP400 Basic (All versions \u003c V17 Update 5), SIMATIC HMI KTP700 Basic (All versions \u003c V17 Update 5), SIMATIC HMI KTP900 Basic (All versions \u003c V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions \u003c V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions \u003c V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions \u003c V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions \u003c V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-384224.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-40227",
"datePublished": "2022-10-11T00:00:00",
"dateReserved": "2022-09-08T00:00:00",
"dateUpdated": "2024-08-03T12:14:39.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15798
Vulnerability from cvelistv5
Published
2021-02-09 15:38
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf | x_refsource_MISC | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02 | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC HMI Comfort Panels (incl. SIPLUS variants) |
Version: All versions < V16 Update 3a |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:21.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 3a"
}
]
},
{
"product": "SIMATIC HMI KTP Mobile Panels",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 3a"
}
]
},
{
"product": "SINAMICS GH150",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS GL150 (with option X30)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS GM150 (with option X30)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS SH150",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS SL150",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS SM120",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS SM150",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS SM150i",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions \u003c V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions \u003c V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T10:35:22",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 3a"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 3a"
}
]
}
},
{
"product_name": "SINAMICS GH150",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GL150 (with option X30)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GM150 (with option X30)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SH150",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SL150",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SM120",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SM150",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SM150i",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions \u003c V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions \u003c V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-15798",
"datePublished": "2021-02-09T15:38:17",
"dateReserved": "2020-07-15T00:00:00",
"dateUpdated": "2024-08-04T13:30:21.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}