cnvd-2019-12904
Vulnerability from cnvd

Title: 多款Siemens产品拒绝服务漏洞

Description:

Siemens CP,SIAMTIC,SIMOCODE,SINAMICS,SITOP和TIM都是西门子公司生产的设备。

多款Siemens产品存在拒绝服务漏洞,攻击者可利用此漏洞导致拒绝服务,Web服务器重启。

Severity:

Patch Name: 多款Siemens产品拒绝服务漏洞的补丁

Patch Description:

Siemens CP,SIAMTIC,SIMOCODE,SINAMICS,SITOP和TIM都是西门子公司生产的设备。

多款Siemens产品存在拒绝服务漏洞,攻击者可利用此漏洞导致拒绝服务,Web服务器重启。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序,请及时关注更新: https://support.industry.siemens.com/cs/ww/en/view/109759122 https://support.industry.siemens.com/cs/ww/en/ps/13752/dl https://support.industry.siemens.com/

Reference: https://ics-cert.us-cert.gov/advisories/ICSA-19-099-06

Impacted products
Name
['SIEMENS SIMATIC WinAC RTX 2010 SP2 All', 'SIEMENS SIMATIC S7-300 CPU family All', 'Siemens SIMATIC S7-400 PN/DP V7', 'Siemens SIMATIC S7-1500 Software Controller', 'Siemens SINAMICS S120', 'Siemens SINAMICS G130 and G150', 'SIEMENS SIMATIC RF182C', 'Siemens SIMATIC WinCC Runtime Advanced', 'Siemens SIMATIC CP443-1 OPC UA', 'Siemens SIMATIC IPC DiagMonitor', 'Siemens SIMATIC RF188C', 'Siemens SIMATIC RF600R', 'Siemens CP1604', 'Siemens CP1616', 'Siemens SIMATIC ET 200 SP Open Controller CPU 1515SP PC <v2.1.6', 'Siemens SIMATIC HMI Comfort Panels 4" - 22"', 'Siemens SIMATIC HMI KTP Mobile Panels(KTP400F、KTP700、KTP700F、KTP900和KTP900F)', 'Siemens SIMATIC S7-1500 CPU family', 'Siemens SIMATIC S7-400 PN V6', 'Siemens SINAMICS S150', 'Siemens SINAMICS S210 v5.1', 'Siemens SINAMICS S210 v5.1 SP1', 'Siemens TIM 1531 IRC', 'Siemens SIMATIC HMI Comfort Outdoor Panels 7" & 15"', 'Siemens SIMATIC RF181-EIP', 'Siemens SIMATIC RF186C', 'Siemens SIMATIC S7-PLCSIM Advanced', 'Siemens SIMATIC Teleservice Adapter IE Advanced', 'Siemens SIMATIC Teleservice Adapter IE Basic', 'Siemens SIMATIC Teleservice Adapter IE Standard', 'Siemens SIMOCODE pro V EIP', 'Siemens SIMOCODE pro V PN', 'Siemens SITOP Manager', 'Siemens SITOP PSU8600', 'Siemens SITOP UPS1600', 'Siemens SIAMTIC RF185C', 'Siemens SIMATIC CP343-1 Advanced', 'Siemens SIMATIC CP443-1', 'Siemens SIMATIC CP443-1 Advanced', 'Siemens SIMATIC ET 200 SP Open Controller CPU 1515SP PC2']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6568"
    }
  },
  "description": "Siemens CP\uff0cSIAMTIC\uff0cSIMOCODE\uff0cSINAMICS\uff0cSITOP\u548cTIM\u90fd\u662f\u897f\u95e8\u5b50\u516c\u53f8\u751f\u4ea7\u7684\u8bbe\u5907\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff0cWeb\u670d\u52a1\u5668\u91cd\u542f\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109759122\r\nhttps://support.industry.siemens.com/cs/ww/en/ps/13752/dl\r\nhttps://support.industry.siemens.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-12904",
  "openTime": "2019-05-05",
  "patchDescription": "Siemens CP\uff0cSIAMTIC\uff0cSIMOCODE\uff0cSINAMICS\uff0cSITOP\u548cTIM\u90fd\u662f\u897f\u95e8\u5b50\u516c\u53f8\u751f\u4ea7\u7684\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff0cWeb\u670d\u52a1\u5668\u91cd\u542f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS SIMATIC WinAC RTX 2010 SP2 All",
      "SIEMENS SIMATIC S7-300 CPU family All",
      "Siemens SIMATIC S7-400 PN/DP V7",
      "Siemens SIMATIC S7-1500 Software Controller",
      "Siemens SINAMICS S120",
      "Siemens SINAMICS G130 and G150",
      "SIEMENS SIMATIC RF182C",
      "Siemens SIMATIC WinCC Runtime Advanced",
      "Siemens SIMATIC CP443-1 OPC UA",
      "Siemens SIMATIC IPC DiagMonitor",
      "Siemens SIMATIC RF188C",
      "Siemens SIMATIC RF600R",
      "Siemens CP1604",
      "Siemens CP1616",
      "Siemens SIMATIC ET 200 SP Open Controller CPU 1515SP PC \u003cv2.1.6",
      "Siemens SIMATIC HMI Comfort Panels 4\" - 22\"",
      "Siemens SIMATIC HMI KTP Mobile Panels\uff08KTP400F\u3001KTP700\u3001KTP700F\u3001KTP900\u548cKTP900F\uff09",
      "Siemens SIMATIC S7-1500 CPU family",
      "Siemens SIMATIC S7-400 PN V6",
      "Siemens SINAMICS S150",
      "Siemens SINAMICS S210 v5.1",
      "Siemens SINAMICS S210 v5.1 SP1",
      "Siemens TIM 1531 IRC",
      "Siemens SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\"",
      "Siemens SIMATIC RF181-EIP",
      "Siemens SIMATIC RF186C",
      "Siemens SIMATIC S7-PLCSIM Advanced",
      "Siemens SIMATIC Teleservice Adapter IE Advanced",
      "Siemens SIMATIC Teleservice Adapter IE Basic",
      "Siemens SIMATIC Teleservice Adapter IE Standard",
      "Siemens SIMOCODE pro V EIP",
      "Siemens SIMOCODE pro V PN",
      "Siemens SITOP Manager",
      "Siemens SITOP PSU8600",
      "Siemens SITOP UPS1600",
      "Siemens SIAMTIC RF185C",
      "Siemens SIMATIC CP343-1 Advanced",
      "Siemens SIMATIC CP443-1",
      "Siemens SIMATIC CP443-1 Advanced",
      "Siemens SIMATIC ET 200 SP Open Controller CPU 1515SP PC2"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-19-099-06",
  "serverity": "\u4e2d",
  "submitTime": "2019-04-10",
  "title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.