All the vulnerabilites related to Siemens - TIM 1531 IRC (incl. SIPLUS NET variants)
cve-2020-28397
Vulnerability from cvelistv5
Published
2021-08-10 10:35
Modified
2024-08-04 16:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC Drive Controller family |
Version: All versions < V2.9.2 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:33:59.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SIMATIC Drive Controller family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.9.2" } ] }, { "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V21.9" } ] }, { "product": "SIMATIC S7 PLCSIM Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V2 \u003c V4" } ] }, { "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "Version V4.4" } ] }, { "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V2.5 \u003c V2.9.2" } ] }, { "product": "SIMATIC S7-1500 Software Controller", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V2.5 \u003c V21.9" } ] }, { "product": "TIM 1531 IRC (incl. SIPLUS NET variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "Version V2.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7 PLCSIM Advanced (All versions \u003e V2 \u003c V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e V2.5 \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003e V2.5 \u003c V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-14T10:47:15", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-28397", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SIMATIC Drive Controller family", "version": { "version_data": [ { "version_value": "All versions \u003c V2.9.2" } ] } }, { "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V21.9" } ] } }, { "product_name": "SIMATIC S7 PLCSIM Advanced", "version": { "version_data": [ { "version_value": "All versions \u003e V2 \u003c V4" } ] } }, { "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "Version V4.4" } ] } }, { "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions \u003e V2.5 \u003c V2.9.2" } ] } }, { "product_name": "SIMATIC S7-1500 Software Controller", "version": { "version_data": [ { "version_value": "All versions \u003e V2.5 \u003c V21.9" } ] } }, { "product_name": "TIM 1531 IRC (incl. SIPLUS NET variants)", "version": { "version_data": [ { "version_value": "Version V2.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions \u003c V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V21.9), SIMATIC S7 PLCSIM Advanced (All versions \u003e V2 \u003c V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e V2.5 \u003c V2.9.2), SIMATIC S7-1500 Software Controller (All versions \u003e V2.5 \u003c V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-863: Incorrect Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-28397", "datePublished": "2021-08-10T10:35:23", "dateReserved": "2020-11-10T00:00:00", "dateUpdated": "2024-08-04T16:33:59.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6568
Vulnerability from cvelistv5
Published
2019-04-17 13:40
Modified
2024-08-04 20:23
Severity ?
EPSS score ?
Summary
The webserver of the affected devices contains a vulnerability that may lead to
a denial of service condition. An attacker may cause a denial of service
situation which leads to a restart of the webserver of the affected device.
The security vulnerability could be exploited by an attacker with network
access to the affected systems. Successful exploitation requires no system
privileges and no user interaction. An attacker could use the vulnerability
to compromise availability of the device.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:23:22.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1604", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1616", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 343-1 Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1 OPC UA", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM154-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM154-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM154-8FX PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200S IM151-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200S IM151-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.1.6" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.7" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd4" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd4" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd4" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagMonitor", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1.3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF182C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF185C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF600R family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.1" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RFID 181EIP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.6.1" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-1500 Software Controller", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.7" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 314C-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315T-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317T-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 319-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 319F-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-PLCSIM Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.0 SP1 UPD1" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Teleservice Adapter IE Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Teleservice Adapter IE Basic", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Teleservice Adapter IE Standard", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinAC RTX 2010", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2010 SP3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinAC RTX F 2010", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2010 SP3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC Runtime Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd4" } ] }, { "defaultStatus": "unknown", "product": "SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1.3" } ] }, { "defaultStatus": "unknown", "product": "SIMOCODE pro V PROFINET (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.1.3" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.6 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.7 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.8 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF6" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V5.1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V5.1 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 SP1 HF4" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V4.6 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V4.7 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V4.8 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF6" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V5.1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V5.1 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 SP1 HF4" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GH150 V4.7 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GH150 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2 HF9" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GL150 V4.7 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GL150 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2 HF9" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GM150 V4.7 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GM150 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2 HF9" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF6" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 SP1 HF4" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V4.6 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V4.7 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V4.8 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF6" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V5.1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V5.1 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 SP1 HF4" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S210", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 SP1 HF8" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SL150 V4.7 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF33" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SL150 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SM120 V4.7 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SM120 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2 HF10" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SM150 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200S IM151-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200S IM151-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 343-1 Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 314C-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 315-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 315F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 317-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 317F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SITOP Manager", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1" } ] }, { "defaultStatus": "unknown", "product": "SITOP PSU8600", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.5" } ] }, { "defaultStatus": "unknown", "product": "SITOP UPS1600 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "TIM 1531 IRC (incl. SIPLUS NET variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.1" } ] } ], "descriptions": [ { "lang": "en", "value": "The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device.\r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-09T11:51:03.049Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-6568", "datePublished": "2019-04-17T13:40:24", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:22.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-10929
Vulnerability from cvelistv5
Published
2019-08-13 18:55
Modified
2024-08-04 22:40
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf | x_refsource_MISC | |
https://www.us-cert.gov/ics/advisories/icsa-19-344-04 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC CP 1626 |
Version: All versions |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SIMATIC CP 1626", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V20.8" } ] }, { "product": "SIMATIC HMI Panel (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC NET PC Software V14", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14 SP1 Update 14" } ] }, { "product": "SIMATIC NET PC Software V15", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.4.0" } ] }, { "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.8.1" } ] }, { "product": "SIMATIC S7-1500 Software Controller", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V20.8" } ] }, { "product": "SIMATIC S7-PLCSIM Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16" } ] }, { "product": "SIMATIC WinCC (TIA Portal)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16" } ] }, { "product": "SIMATIC WinCC OA", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.16 P013" } ] }, { "product": "SIMATIC WinCC Runtime Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16" } ] }, { "product": "SIMATIC WinCC Runtime Professional", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16" } ] }, { "product": "TIM 1531 IRC (incl. SIPLUS NET variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.8.1), SIMATIC S7-1500 Software Controller (All versions \u003c V20.8), SIMATIC S7-PLCSIM Advanced (All versions \u003c V3.0), SIMATIC STEP 7 (TIA Portal) (All versions \u003c V16), SIMATIC WinCC (TIA Portal) (All versions \u003c V16), SIMATIC WinCC OA (All versions \u003c V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions \u003c V16), SIMATIC WinCC Runtime Professional (All versions \u003c V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions \u003c V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-327", "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T11:16:07", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-10929", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SIMATIC CP 1626", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V20.8" } ] } }, { "product_name": "SIMATIC HMI Panel (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC NET PC Software V14", "version": { "version_data": [ { "version_value": "All versions \u003c V14 SP1 Update 14" } ] } }, { "product_name": "SIMATIC NET PC Software V15", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V4.4.0" } ] } }, { "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V2.8.1" } ] } }, { "product_name": "SIMATIC S7-1500 Software Controller", "version": { "version_data": [ { "version_value": "All versions \u003c V20.8" } ] } }, { "product_name": "SIMATIC S7-PLCSIM Advanced", "version": { "version_data": [ { "version_value": "All versions \u003c V3.0" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal)", "version": { "version_data": [ { "version_value": "All versions \u003c V16" } ] } }, { "product_name": "SIMATIC WinCC (TIA Portal)", "version": { "version_data": [ { "version_value": "All versions \u003c V16" } ] } }, { "product_name": "SIMATIC WinCC OA", "version": { "version_data": [ { "version_value": "All versions \u003c V3.16 P013" } ] } }, { "product_name": "SIMATIC WinCC Runtime Advanced", "version": { "version_data": [ { "version_value": "All versions \u003c V16" } ] } }, { "product_name": "SIMATIC WinCC Runtime Professional", "version": { "version_data": [ { "version_value": "All versions \u003c V16" } ] } }, { "product_name": "TIM 1531 IRC (incl. SIPLUS NET variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V2.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.8.1), SIMATIC S7-1500 Software Controller (All versions \u003c V20.8), SIMATIC S7-PLCSIM Advanced (All versions \u003c V3.0), SIMATIC STEP 7 (TIA Portal) (All versions \u003c V16), SIMATIC WinCC (TIA Portal) (All versions \u003c V16), SIMATIC WinCC OA (All versions \u003c V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions \u003c V16), SIMATIC WinCC Runtime Professional (All versions \u003c V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions \u003c V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-344-04", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-10929", "datePublished": "2019-08-13T18:55:57", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }