cnvd-2020-23038
Vulnerability from cnvd

Title: 多款Siemens产品输入验证错误漏洞(CNVD-2020-23038)

Description:

Siemens SIMATIC PCS 7和SIMATIC WinCC都是德国西门子(Siemens)公司的产品。SIMATIC PCS 7是一套过程控制系统。SIMATIC WinCC是一套自动化的数据采集与监控(SCADA)系统。

多款Siemens产品中存在输入验证错误漏洞,攻击者可借助特制消息利用该漏洞导致拒绝服务。

Severity:

Patch Name: 多款Siemens产品输入验证错误漏洞(CNVD-2020-23038)的补丁

Patch Description:

Siemens SIMATIC PCS 7和SIMATIC WinCC都是德国西门子(Siemens)公司的产品。SIMATIC PCS 7是一套过程控制系统。SIMATIC WinCC是一套自动化的数据采集与监控(SCADA)系统。

多款Siemens产品中存在输入验证错误漏洞,攻击者可借助特制消息利用该漏洞导致拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序,请及时关注更新: https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf

Reference: https://www.us-cert.gov/ics/advisories/icsa-20-042-06

Impacted products
Name
['SIEMENS SIMATIC NET PC-Software', 'Siemens OpenPCS 7 V8.1', 'Siemens OpenPCS 7 V8.2', 'Siemens SIMATIC BATCH V8.1', 'Siemens SIMATIC BATCH V8.2', 'Siemens SIMATIC Route Control V8.1', 'Siemens SIMATIC Route Control V8.2', 'SIEMENS SIMATIC WinCC V7.3', 'SIEMENS SIMATIC WinCC V7.4', 'SIEMENS Siemens SIMATIC PCS 7 V8.1', 'SIEMENS Siemens SIMATIC PCS 7 V8.2', 'SIEMENS Siemens SIMATIC PCS 7 V9.0', 'Siemens OpenPCS 7 V9.0', 'Siemens SIMATIC BATCH V9.0', 'Siemens SIMATIC Route Control V9.0', 'SIEMENS SIMATIC WinCC(TIA Portal) 14.0.1', 'SIEMENS SIMATIC WinCC(TIA Portal) 15.1', 'SIEMENS SIMATIC WinCC(TIA Portal) 16', 'Siemens SIMATIC WinCC <7.5.1 Upd1', 'SIEMENS SIMATIC WinCC(TIA Portal) <13 SP2']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-19282"
    }
  },
  "description": "Siemens SIMATIC PCS 7\u548cSIMATIC WinCC\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SIMATIC PCS 7\u662f\u4e00\u5957\u8fc7\u7a0b\u63a7\u5236\u7cfb\u7edf\u3002SIMATIC WinCC\u662f\u4e00\u5957\u81ea\u52a8\u5316\u7684\u6570\u636e\u91c7\u96c6\u4e0e\u76d1\u63a7\uff08SCADA\uff09\u7cfb\u7edf\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-23038",
  "openTime": "2020-04-16",
  "patchDescription": "Siemens SIMATIC PCS 7\u548cSIMATIC WinCC\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SIMATIC PCS 7\u662f\u4e00\u5957\u8fc7\u7a0b\u63a7\u5236\u7cfb\u7edf\u3002SIMATIC WinCC\u662f\u4e00\u5957\u81ea\u52a8\u5316\u7684\u6570\u636e\u91c7\u96c6\u4e0e\u76d1\u63a7\uff08SCADA\uff09\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-23038\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS SIMATIC NET PC-Software",
      "Siemens OpenPCS 7 V8.1",
      "Siemens OpenPCS 7 V8.2",
      "Siemens SIMATIC BATCH V8.1",
      "Siemens SIMATIC BATCH V8.2",
      "Siemens SIMATIC Route Control V8.1",
      "Siemens SIMATIC Route Control V8.2",
      "SIEMENS SIMATIC WinCC V7.3",
      "SIEMENS SIMATIC WinCC V7.4",
      "SIEMENS Siemens SIMATIC PCS 7 V8.1",
      "SIEMENS Siemens SIMATIC PCS 7 V8.2",
      "SIEMENS Siemens SIMATIC PCS 7 V9.0",
      "Siemens OpenPCS 7 V9.0",
      "Siemens SIMATIC BATCH V9.0",
      "Siemens SIMATIC Route Control V9.0",
      "SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 14.0.1",
      "SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 15.1",
      "SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 16",
      "Siemens SIMATIC WinCC \u003c7.5.1 Upd1",
      "SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 \u003c13 SP2"
    ]
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06",
  "serverity": "\u9ad8",
  "submitTime": "2020-02-12",
  "title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-23038\uff09"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.