Vulnerability-Lookup

CVE-2019-19282 (GCVE-0-2019-19282)

Vulnerability from cvelistv5 – Published: 2020-03-10 19:16 – Updated: 2024-08-05 02:09

Summary

A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE

CWE-131 - Incorrect Calculation of Buffer Size

Assigner

siemens

References

1 reference

URL	Tags
https://cert-portal.siemens.com/productcert/pdf/s…

Impacted products

22 products

Vendor	Product	Version
Siemens	OpenPCS 7 V8.1	Affected: All versions
Siemens	OpenPCS 7 V8.2	Affected: All versions
Siemens	OpenPCS 7 V9.0	Affected: All versions < V9.0 Upd3
Siemens	SIMATIC BATCH V8.1	Affected: All versions
Siemens	SIMATIC BATCH V8.2	Affected: All versions < V8.2 Upd12
Siemens	SIMATIC BATCH V9.0	Affected: All versions < V9.0 SP1 Upd5
Siemens	SIMATIC NET PC Software V14	Affected: All versions < V14 SP1 Update 14
Siemens	SIMATIC NET PC Software V15	Affected: All versions
Siemens	SIMATIC NET PC Software V16	Affected: All versions < V16 Update 1
Siemens	SIMATIC PCS 7 V8.1	Affected: All versions
Siemens	SIMATIC PCS 7 V8.2	Affected: All versions
Siemens	SIMATIC PCS 7 V9.0	Affected: All versions < V9.0 SP3
Siemens	SIMATIC Route Control V8.1	Affected: All versions
Siemens	SIMATIC Route Control V8.2	Affected: All versions
Siemens	SIMATIC Route Control V9.0	Affected: All versions < V9.0 Upd4
Siemens	SIMATIC WinCC (TIA Portal) V13	Affected: All versions < V13 SP2
Siemens	SIMATIC WinCC (TIA Portal) V14	Affected: All versions < V14 SP1 Update 10
Siemens	SIMATIC WinCC (TIA Portal) V15.1	Affected: All versions < V15.1 Update 5
Siemens	SIMATIC WinCC (TIA Portal) V16	Affected: All versions < V16 Update 1
Siemens	SIMATIC WinCC V7.3	Affected: All versions
Siemens	SIMATIC WinCC V7.4	Affected: All versions < V7.4 SP1 Update 14
Siemens	SIMATIC WinCC V7.5	Affected: All versions < V7.5 SP1 Update 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:09:39.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "OpenPCS 7 V8.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "OpenPCS 7 V8.2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "OpenPCS 7 V9.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V9.0 Upd3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC BATCH V8.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC BATCH V8.2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.2 Upd12"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC BATCH V9.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V9.0 SP1 Upd5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC NET PC Software V14",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V14 SP1 Update 14"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC NET PC Software V15",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC NET PC Software V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS 7 V8.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS 7 V8.2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS 7 V9.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V9.0 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Route Control V8.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Route Control V8.2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Route Control V9.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V9.0 Upd4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC (TIA Portal) V13",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V13 SP2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC (TIA Portal) V14",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V14 SP1 Update 10"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC (TIA Portal) V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC (TIA Portal) V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V7.3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V7.4",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.4 SP1 Update 14"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V7.5",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.5 SP1 Update 1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions \u003c V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions \u003c V8.2 Upd12), SIMATIC BATCH V9.0 (All versions \u003c V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions \u003c V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions \u003c V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions \u003c V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions \u003c V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131: Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:01:49.748Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-19282",
    "datePublished": "2020-03-10T19:16:17.000Z",
    "dateReserved": "2019-11-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:09:39.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-19282",
      "date": "2026-05-27",
      "epss": "0.00552",
      "percentile": "0.68232"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:openpcs_7:9.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CBF717A-B2D4-459C-894A-65622570645D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:openpcs_7:9.0_update_1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"957DDF70-1837-4E92-A707-944AD6ED4304\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_batch:9.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"E54F6E83-C353-44FB-9F37-C03DA344A5DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_batch:9.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E19D98B-B40A-4589-8C26-7722C25EEC63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"85CDD274-B2B4-4DB0-9917-C16B5D900006\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B435D51-FFA2-4F19-9B51-404BB37D7F0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_3:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFBBC7D6-D1D4-452E-A744-B490CF002354\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_4:*:*:*:*:*:*\", \"matchCriteriaId\": \"98BC62E3-4C0B-481A-9274-B9C785F8FDC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"16\", \"matchCriteriaId\": \"744B5953-511F-42CA-80A0-DBE36A6AA144\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"496E3C43-5DA8-4983-8AC6-0F32454E22F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_pcs_7:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"858628AC-EA69-4D72-AE23-77A4A8DE2547\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_pcs_7:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4A75F15-8F47-4348-A85C-D94BBA8F9992\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A42E3FB0-6C66-4702-BDC8-39EEA54B5C0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AA0E077-AB19-473B-9454-8FED7188A2C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"19EA3CAD-E7CB-412F-A2EA-86A81EC25425\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_route_control:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.0\", \"matchCriteriaId\": \"885BA05F-BD8F-4DE9-BDD3-6C2C76418B05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_route_control:9.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"57073CE8-174E-429D-A721-AB14C7D16D4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B0BD5DE-C6EF-4B89-831B-DA34DB0D68F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2637C346-8AAF-481F-AFB0-BAD4254D14F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9589FF11-4F9B-40F6-A6C6-55405B9EE351\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_10:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DB57B3A-C3B6-4E61-9DAE-B12CEA8CD093\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_11:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA6B2933-9C44-480C-96DC-6DF8C88950AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_12:*:*:*:*:*:*\", \"matchCriteriaId\": \"45097864-DD87-4587-997B-792F0175472B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_13:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FB24A30-0F93-430D-817E-05E4594C8823\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_2:*:*:*:*:*:*\", \"matchCriteriaId\": \"25237B9A-2E51-4F17-BD75-04D245CCC51D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_3:*:*:*:*:*:*\", \"matchCriteriaId\": \"90643D49-9EFC-4B9A-99C8-266135DF2E00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_4:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC4D7B24-91FF-4891-ABC3-683A6C72ADDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_5:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1DD77A4-1716-4793-AD73-79D04E3D2AEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_6:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E667123-6909-4DF2-8CEB-6E87E9FC48BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_7:*:*:*:*:*:*\", \"matchCriteriaId\": \"04A5C76A-5D6D-47F8-BEF7-503F9A89AD18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_8:*:*:*:*:*:*\", \"matchCriteriaId\": \"E776629C-904C-49D6-BF3F-8520FA7D5DFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_9:*:*:*:*:*:*\", \"matchCriteriaId\": \"805DAA15-03A3-4F63-90F7-EA130E5136F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"E79DA14E-419C-49BA-8E4F-2907E1D8937F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:-:*:*:*:*:*\", \"matchCriteriaId\": \"00A48A8E-C112-4778-8A7B-2386E88A0177\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.5.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3D10C7E-5FD5-4B37-884B-B450DE5F800B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:13:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D9FE447-2090-47D2-8667-5DC7605089BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:13:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB4FFADC-51F0-439F-9F80-D2B2614FFC39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:14.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE5A7162-F1B5-4E74-99D6-4108AC4C49FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:15.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"50B77C2A-4D66-4407-8CA4-99C43ED72DDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:15.1:update_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9794ED7E-EB17-4C95-B900-840A48758F03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:15.1:update_2:*:*:*:*:*:*\", \"matchCriteriaId\": \"57E82CFE-4191-4055-A0BA-EAB7BE96D947\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:15.1:update_3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4DBBDAA-BCAE-4B63-BDFC-3DD70DAD9B7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:15.1:update_4:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5AF87C6-F8D6-4462-9DF5-B9D301002B1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:16:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4316924-9EF8-4835-A2E4-0C81F4DE473D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions \u003c V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions \u003c V8.2 Upd12), SIMATIC BATCH V9.0 (All versions \u003c V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions \u003c V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions \u003c V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions \u003c V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions \u003c V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\\nSuccessful exploitation requires no system privileges and no user interaction.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en OpenPCS 7 V8.1 (Todas las versiones), OpenPCS 7 V8.2 (Todas las versiones), OpenPCS 7 V9.0 (Todas las versiones anteriores a V9.0 Upd3), SIMATIC BATCH V8.1 (Todas las versiones), SIMATIC BATCH V8.2 (Todas las versiones), SIMATIC BATCH V9.0 (Todas las versiones anteriores a V9. 0 SP1 Upd5), SIMATIC NET PC Software V14 (Todas las versiones anteriores a V14 SP1 Update 14), SIMATIC NET PC Software V15 (Todas las versiones), SIMATIC NET PC Software V16 (Todas las versiones anteriores a V16 Update 1), SIMATIC PCS 7 V8.1 (Todas las versiones), SIMATIC PCS 7 V8.2 (Todas las versiones), SIMATIC PCS 7 V9.0 (Todas las versiones anteriores a V9. 0 SP3), SIMATIC Route Control V8.1 (Todas las versiones), SIMATIC Route Control V8.2 (Todas las versiones), SIMATIC Route Control V9.0 (Todas las versiones anteriores a V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (Todas las versiones anteriores a V13 SP2), SIMATIC WinCC (TIA Portal) V14 (Todas las versiones anteriores a V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15. 1 (Todas las versiones anteriores a V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (Todas las versiones anteriores a V16 Update 1), SIMATIC WinCC V7.3 (Todas las versiones), SIMATIC WinCC V7.4 (Todas las versiones anteriores a V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (Todas las versiones anteriores a V7.5 SP1 Update 1). A trav\\u00e9s de mensajes especialmente dise\\u00f1ados, cuando la comunicaci\\u00f3n cifrada est\\u00e1 habilitada, un atacante con acceso a la red podr\\u00eda utilizar la vulnerabilidad para comprometer la disponibilidad del sistema causando una condici\\u00f3n de denegaci\\u00f3n de servicio. La explotaci\\u00f3n exitosa no requiere privilegios del sistema ni interacci\\u00f3n del usuario\"}]",
      "id": "CVE-2019-19282",
      "lastModified": "2024-11-21T04:34:29.480",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-03-10T20:15:18.960",
      "references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-131\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-19282\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2020-03-10T20:15:18.960\",\"lastModified\":\"2024-11-21T04:34:29.480\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions \u003c V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions \u003c V8.2 Upd12), SIMATIC BATCH V9.0 (All versions \u003c V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions \u003c V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions \u003c V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions \u003c V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions \u003c V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\\nSuccessful exploitation requires no system privileges and no user interaction.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en OpenPCS 7 V8.1 (Todas las versiones), OpenPCS 7 V8.2 (Todas las versiones), OpenPCS 7 V9.0 (Todas las versiones anteriores a V9.0 Upd3), SIMATIC BATCH V8.1 (Todas las versiones), SIMATIC BATCH V8.2 (Todas las versiones), SIMATIC BATCH V9.0 (Todas las versiones anteriores a V9. 0 SP1 Upd5), SIMATIC NET PC Software V14 (Todas las versiones anteriores a V14 SP1 Update 14), SIMATIC NET PC Software V15 (Todas las versiones), SIMATIC NET PC Software V16 (Todas las versiones anteriores a V16 Update 1), SIMATIC PCS 7 V8.1 (Todas las versiones), SIMATIC PCS 7 V8.2 (Todas las versiones), SIMATIC PCS 7 V9.0 (Todas las versiones anteriores a V9. 0 SP3), SIMATIC Route Control V8.1 (Todas las versiones), SIMATIC Route Control V8.2 (Todas las versiones), SIMATIC Route Control V9.0 (Todas las versiones anteriores a V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (Todas las versiones anteriores a V13 SP2), SIMATIC WinCC (TIA Portal) V14 (Todas las versiones anteriores a V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15. 1 (Todas las versiones anteriores a V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (Todas las versiones anteriores a V16 Update 1), SIMATIC WinCC V7.3 (Todas las versiones), SIMATIC WinCC V7.4 (Todas las versiones anteriores a V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (Todas las versiones anteriores a V7.5 SP1 Update 1). A trav\u00e9s de mensajes especialmente dise\u00f1ados, cuando la comunicaci\u00f3n cifrada est\u00e1 habilitada, un atacante con acceso a la red podr\u00eda utilizar la vulnerabilidad para comprometer la disponibilidad del sistema causando una condici\u00f3n de denegaci\u00f3n de servicio. La explotaci\u00f3n exitosa no requiere privilegios del sistema ni interacci\u00f3n del usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-131\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:openpcs_7:9.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CBF717A-B2D4-459C-894A-65622570645D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:openpcs_7:9.0_update_1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"957DDF70-1837-4E92-A707-944AD6ED4304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_batch:9.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E54F6E83-C353-44FB-9F37-C03DA344A5DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_batch:9.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E19D98B-B40A-4589-8C26-7722C25EEC63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"85CDD274-B2B4-4DB0-9917-C16B5D900006\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B435D51-FFA2-4F19-9B51-404BB37D7F0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFBBC7D6-D1D4-452E-A744-B490CF002354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"98BC62E3-4C0B-481A-9274-B9C785F8FDC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16\",\"matchCriteriaId\":\"744B5953-511F-42CA-80A0-DBE36A6AA144\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"496E3C43-5DA8-4983-8AC6-0F32454E22F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_pcs_7:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"858628AC-EA69-4D72-AE23-77A4A8DE2547\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_pcs_7:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4A75F15-8F47-4348-A85C-D94BBA8F9992\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A42E3FB0-6C66-4702-BDC8-39EEA54B5C0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AA0E077-AB19-473B-9454-8FED7188A2C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"19EA3CAD-E7CB-412F-A2EA-86A81EC25425\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_route_control:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0\",\"matchCriteriaId\":\"885BA05F-BD8F-4DE9-BDD3-6C2C76418B05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_route_control:9.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"57073CE8-174E-429D-A721-AB14C7D16D4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0BD5DE-C6EF-4B89-831B-DA34DB0D68F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2637C346-8AAF-481F-AFB0-BAD4254D14F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9589FF11-4F9B-40F6-A6C6-55405B9EE351\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DB57B3A-C3B6-4E61-9DAE-B12CEA8CD093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA6B2933-9C44-480C-96DC-6DF8C88950AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"45097864-DD87-4587-997B-792F0175472B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FB24A30-0F93-430D-817E-05E4594C8823\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"25237B9A-2E51-4F17-BD75-04D245CCC51D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"90643D49-9EFC-4B9A-99C8-266135DF2E00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC4D7B24-91FF-4891-ABC3-683A6C72ADDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1DD77A4-1716-4793-AD73-79D04E3D2AEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E667123-6909-4DF2-8CEB-6E87E9FC48BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"04A5C76A-5D6D-47F8-BEF7-503F9A89AD18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"E776629C-904C-49D6-BF3F-8520FA7D5DFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_9:*:*:*:*:*:*\",\"matchCriteriaId\":\"805DAA15-03A3-4F63-90F7-EA130E5136F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E79DA14E-419C-49BA-8E4F-2907E1D8937F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:-:*:*:*:*:*\",\"matchCriteriaId\":\"00A48A8E-C112-4778-8A7B-2386E88A0177\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.5.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3D10C7E-5FD5-4B37-884B-B450DE5F800B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:13:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D9FE447-2090-47D2-8667-5DC7605089BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:13:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB4FFADC-51F0-439F-9F80-D2B2614FFC39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:14.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE5A7162-F1B5-4E74-99D6-4108AC4C49FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:15.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"50B77C2A-4D66-4407-8CA4-99C43ED72DDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:15.1:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9794ED7E-EB17-4C95-B900-840A48758F03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:15.1:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E82CFE-4191-4055-A0BA-EAB7BE96D947\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:15.1:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4DBBDAA-BCAE-4B63-BDFC-3DD70DAD9B7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:15.1:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5AF87C6-F8D6-4462-9DF5-B9D301002B1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:16:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4316924-9EF8-4835-A2E4-0C81F4DE473D\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-090

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC CP 1626
Siemens	N/A	SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0
Siemens	N/A	SIMATIC RF180C
Siemens	N/A	SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associées et variantes SIPLUS)
Siemens	N/A	SCALANCE S602, S612, S623, S627-2M, S627-2M
Siemens	N/A	SIMATIC WinCC (TIA Portal) V14.0.1
Siemens	N/A	SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules
Siemens	N/A	SIMOTION P320-4E
Siemens	N/A	SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.2
Siemens	N/A	TIM 1531 IRC (incl. variante SIPLUS NET) versions antérieures à V2.0
Siemens	N/A	SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E
Siemens	N/A	OZW672 versions antérieures à V10.00
Siemens	N/A	SIMATIC BATCH V9.0
Siemens	N/A	SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions antérieures à V4.1.3
Siemens	N/A	SIMATIC CP 1628 versions antérieures à V14.00.15.00_51.25.00.01
Siemens	N/A	SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)
Siemens	N/A	SIMATIC PCS 7 V8.2
Siemens	N/A	SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions antérieures V2.2
Siemens	N/A	SIMATIC CP 1616 et CP 1604 versions antérieures à V2.8.1
Siemens	N/A	OpenPCS 7 V8.1
Siemens	N/A	SIMATIC WinCC V7.3
Siemens	N/A	SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0
Siemens	N/A	SIMATIC Field PG M4, Field PG M5, Field PG M6
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller
Siemens	N/A	OpenPCS 7 V9.0
Siemens	N/A	SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions antérieures à V4.1
Siemens	N/A	SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (excepté 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)
Siemens	N/A	SIMATIC Route Control V9.0
Siemens	N/A	SCALANCE XR-500 switch versions antérieures à V6.2.3
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.6
Siemens	N/A	SINAMICS DCP versions antérieures à V1.3
Siemens	N/A	SIMATIC WinCC V7.4
Siemens	N/A	SIMATIC Route Control V8.2
Siemens	N/A	SCALANCE X-200 switch (incl. variante SIPLUS NET) versions antérieures à V5.2.4
Siemens	N/A	SIMATIC WinCC (TIA Portal) V15.1
Siemens	N/A	SIMATIC RF600 versions antérieures à V3.2.1
Siemens	N/A	SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions antérieures à V5.4.2
Siemens	N/A	SIMATIC ITP1000
Siemens	N/A	SIMATIC IPC Support, Package for VxWorks
Siemens	N/A	OZW772 versions antérieures à V10.00
Siemens	N/A	SCALANCE W700 IEEE 802.11n versions antérieures à V6.4
Siemens	N/A	SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)
Siemens	N/A	SIMATIC WinCC (TIA Portal) V13 versions antérieures à V13 SP2
Siemens	N/A	SIMATIC PCS 7 V8.1
Siemens	N/A	IE/PB LINK PN IO (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC PCS 7 V9.0
Siemens	N/A	SIMATIC S7-1500 CPU (incl. les CPUS ET200 associées et variantes SIPLUS) versions antérieures à 2.8
Siemens	N/A	RUGGEDCOM RM1224 versions antérieures à V6.1.2
Siemens	N/A	SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.0
Siemens	N/A	SIMATIC RF182C
Siemens	N/A	SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)
Siemens	N/A	SIMOTION P320-4S
Siemens	N/A	PROFINET Driver for Controller versions antérieures à V2.1 Patch 03
Siemens	N/A	SCALANCE XM-400 switch versions antérieures à V6.2.3
Siemens	N/A	SIMATIC S7-1200 CPU (incl. variante SIPLUS)
Siemens	N/A	SIMATIC BATCH V8.1
Siemens	N/A	SIMATIC CP 1623 versions antérieures à V14.00.15.00_51.25.00.01
Siemens	N/A	SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à 7.5.1 Upd1
Siemens	N/A	SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA
Siemens	N/A	SIPORT MP versions antérieures à V3.1.4
Siemens	N/A	SIMATIC WinCC (TIA Portal) V16
Siemens	N/A	SIMATIC Route Control V8.1
Siemens	N/A	SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC S7-400 PN/DP CPU V6 et antérieures (incl. variante SIPLUS)
Siemens	N/A	SIMATIC BATCH V8.2
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5 Patch 01
Siemens	N/A	SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF
Siemens	N/A	SCALANCE M-800 / S615 versions antérieures à V6.1.2
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)
Siemens	N/A	SIMATIC MV400
Siemens	N/A	OpenPCS 7 V8.2
Siemens	N/A	SIMATIC S7-1500 Software Controller versions antérieures à 20.8
Siemens	N/A	SIMATIC NET PC Software

References

Title

Publication Time

CERTFR-2020-AVI-090

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC CP 1626
Siemens	N/A	SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0
Siemens	N/A	SIMATIC RF180C
Siemens	N/A	SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associées et variantes SIPLUS)
Siemens	N/A	SCALANCE S602, S612, S623, S627-2M, S627-2M
Siemens	N/A	SIMATIC WinCC (TIA Portal) V14.0.1
Siemens	N/A	SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules
Siemens	N/A	SIMOTION P320-4E
Siemens	N/A	SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.2
Siemens	N/A	TIM 1531 IRC (incl. variante SIPLUS NET) versions antérieures à V2.0
Siemens	N/A	SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E
Siemens	N/A	OZW672 versions antérieures à V10.00
Siemens	N/A	SIMATIC BATCH V9.0
Siemens	N/A	SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions antérieures à V4.1.3
Siemens	N/A	SIMATIC CP 1628 versions antérieures à V14.00.15.00_51.25.00.01
Siemens	N/A	SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)
Siemens	N/A	SIMATIC PCS 7 V8.2
Siemens	N/A	SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions antérieures V2.2
Siemens	N/A	SIMATIC CP 1616 et CP 1604 versions antérieures à V2.8.1
Siemens	N/A	OpenPCS 7 V8.1
Siemens	N/A	SIMATIC WinCC V7.3
Siemens	N/A	SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0
Siemens	N/A	SIMATIC Field PG M4, Field PG M5, Field PG M6
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller
Siemens	N/A	OpenPCS 7 V9.0
Siemens	N/A	SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions antérieures à V4.1
Siemens	N/A	SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (excepté 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)
Siemens	N/A	SIMATIC Route Control V9.0
Siemens	N/A	SCALANCE XR-500 switch versions antérieures à V6.2.3
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.6
Siemens	N/A	SINAMICS DCP versions antérieures à V1.3
Siemens	N/A	SIMATIC WinCC V7.4
Siemens	N/A	SIMATIC Route Control V8.2
Siemens	N/A	SCALANCE X-200 switch (incl. variante SIPLUS NET) versions antérieures à V5.2.4
Siemens	N/A	SIMATIC WinCC (TIA Portal) V15.1
Siemens	N/A	SIMATIC RF600 versions antérieures à V3.2.1
Siemens	N/A	SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions antérieures à V5.4.2
Siemens	N/A	SIMATIC ITP1000
Siemens	N/A	SIMATIC IPC Support, Package for VxWorks
Siemens	N/A	OZW772 versions antérieures à V10.00
Siemens	N/A	SCALANCE W700 IEEE 802.11n versions antérieures à V6.4
Siemens	N/A	SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)
Siemens	N/A	SIMATIC WinCC (TIA Portal) V13 versions antérieures à V13 SP2
Siemens	N/A	SIMATIC PCS 7 V8.1
Siemens	N/A	IE/PB LINK PN IO (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC PCS 7 V9.0
Siemens	N/A	SIMATIC S7-1500 CPU (incl. les CPUS ET200 associées et variantes SIPLUS) versions antérieures à 2.8
Siemens	N/A	RUGGEDCOM RM1224 versions antérieures à V6.1.2
Siemens	N/A	SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.0
Siemens	N/A	SIMATIC RF182C
Siemens	N/A	SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)
Siemens	N/A	SIMOTION P320-4S
Siemens	N/A	PROFINET Driver for Controller versions antérieures à V2.1 Patch 03
Siemens	N/A	SCALANCE XM-400 switch versions antérieures à V6.2.3
Siemens	N/A	SIMATIC S7-1200 CPU (incl. variante SIPLUS)
Siemens	N/A	SIMATIC BATCH V8.1
Siemens	N/A	SIMATIC CP 1623 versions antérieures à V14.00.15.00_51.25.00.01
Siemens	N/A	SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à 7.5.1 Upd1
Siemens	N/A	SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA
Siemens	N/A	SIPORT MP versions antérieures à V3.1.4
Siemens	N/A	SIMATIC WinCC (TIA Portal) V16
Siemens	N/A	SIMATIC Route Control V8.1
Siemens	N/A	SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC S7-400 PN/DP CPU V6 et antérieures (incl. variante SIPLUS)
Siemens	N/A	SIMATIC BATCH V8.2
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5 Patch 01
Siemens	N/A	SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF
Siemens	N/A	SCALANCE M-800 / S615 versions antérieures à V6.1.2
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)
Siemens	N/A	SIMATIC MV400
Siemens	N/A	OpenPCS 7 V8.2
Siemens	N/A	SIMATIC S7-1500 Software Controller versions antérieures à 20.8
Siemens	N/A	SIMATIC NET PC Software

References

Title

Publication Time

BDU:2020-02442

Vulnerability from fstec - Published: 11.02.2020

Title

Уязвимость системы управления процессами Siemens SIMATIC PCS 7, SIMATIC WinCC и SIMATIC NET PC, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость системы управления процессами Siemens SIMATIC PCS 7, SIMATIC WinCC и SIMATIC NET PC связана с некорректным ограничением буфера для скачиваемых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Siemens AG

Software Name

OpenPCS 7, SIMATIC BATCH, SIMATIC Route Control, SIMATIC PCS 7, SIMATIC WinCC (TIA Portal), Simatic NET PC-Software, SIMATIC WinCC

Software Version

8.1 (OpenPCS 7), 8.2 (OpenPCS 7), 8.1 (SIMATIC BATCH), 8.2 (SIMATIC BATCH), 8.1 (SIMATIC Route Control), 8.2 (SIMATIC Route Control), 8.1 (SIMATIC PCS 7), 8.2 (SIMATIC PCS 7), от 13 до 13 SP2 (SIMATIC WinCC (TIA Portal)), 9.0 (OpenPCS 7), 9.0 (SIMATIC BATCH), до 16 (Simatic NET PC-Software), 9.0 (SIMATIC PCS 7), 9.0 (SIMATIC Route Control), 14 (SIMATIC WinCC (TIA Portal)), 15.1 (SIMATIC WinCC (TIA Portal)), 16 (SIMATIC WinCC (TIA Portal)), 7.3 (SIMATIC WinCC), 7.4 (SIMATIC WinCC), 7.5 (SIMATIC WinCC)

Possible Mitigations

Использование рекомендаций производителя: https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf

CWE

CWE-131

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8.1 (OpenPCS 7), 8.2 (OpenPCS 7), 8.1 (SIMATIC BATCH), 8.2 (SIMATIC BATCH), 8.1 (SIMATIC Route Control), 8.2 (SIMATIC Route Control), 8.1 (SIMATIC PCS 7), 8.2 (SIMATIC PCS 7), \u043e\u0442 13 \u0434\u043e 13 SP2 (SIMATIC WinCC (TIA Portal)), 9.0 (OpenPCS 7), 9.0 (SIMATIC BATCH), \u0434\u043e 16 (Simatic NET PC-Software), 9.0 (SIMATIC PCS 7), 9.0 (SIMATIC Route Control), 14 (SIMATIC WinCC (TIA Portal)), 15.1 (SIMATIC WinCC (TIA Portal)), 16 (SIMATIC WinCC (TIA Portal)), 7.3 (SIMATIC WinCC), 7.4 (SIMATIC WinCC), 7.5 (SIMATIC WinCC)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.02.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.06.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.05.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02442",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-19282",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenPCS 7, SIMATIC BATCH, SIMATIC Route Control, SIMATIC PCS 7, SIMATIC WinCC (TIA Portal), Simatic NET PC-Software, SIMATIC WinCC",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438 Siemens SIMATIC PCS 7, SIMATIC WinCC \u0438 SIMATIC NET PC, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u0432\u044b\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0435 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-131)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438 Siemens SIMATIC PCS 7, SIMATIC WinCC \u0438 SIMATIC NET PC \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u043b\u044f \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c  \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-131",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CNVD-2020-23038

Vulnerability from cnvd - Published: 2020-04-16

Title

多款Siemens产品输入验证错误漏洞（CNVD-2020-23038）

Description

Siemens SIMATIC PCS 7和SIMATIC WinCC都是德国西门子（Siemens）公司的产品。SIMATIC PCS 7是一套过程控制系统。SIMATIC WinCC是一套自动化的数据采集与监控（SCADA）系统。多款Siemens产品中存在输入验证错误漏洞，攻击者可借助特制消息利用该漏洞导致拒绝服务。

Severity

高

Patch Name

多款Siemens产品输入验证错误漏洞（CNVD-2020-23038）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-042-06

Impacted products

Name
['SIEMENS SIMATIC NET PC-Software', 'Siemens OpenPCS 7 V8.1', 'Siemens OpenPCS 7 V8.2', 'Siemens SIMATIC BATCH V8.1', 'Siemens SIMATIC BATCH V8.2', 'Siemens SIMATIC Route Control V8.1', 'Siemens SIMATIC Route Control V8.2', 'SIEMENS SIMATIC WinCC V7.3', 'SIEMENS SIMATIC WinCC V7.4', 'SIEMENS Siemens SIMATIC PCS 7 V8.1', 'SIEMENS Siemens SIMATIC PCS 7 V8.2', 'SIEMENS Siemens SIMATIC PCS 7 V9.0', 'Siemens OpenPCS 7 V9.0', 'Siemens SIMATIC BATCH V9.0', 'Siemens SIMATIC Route Control V9.0', 'SIEMENS SIMATIC WinCC（TIA Portal） 14.0.1', 'SIEMENS SIMATIC WinCC（TIA Portal） 15.1', 'SIEMENS SIMATIC WinCC（TIA Portal） 16', 'Siemens SIMATIC WinCC <7.5.1 Upd1', 'SIEMENS SIMATIC WinCC（TIA Portal） <13 SP2']

Name

['SIEMENS SIMATIC NET PC-Software', 'Siemens OpenPCS 7 V8.1', 'Siemens OpenPCS 7 V8.2', 'Siemens SIMATIC BATCH V8.1', 'Siemens SIMATIC BATCH V8.2', 'Siemens SIMATIC Route Control V8.1', 'Siemens SIMATIC Route Control V8.2', 'SIEMENS SIMATIC WinCC V7.3', 'SIEMENS SIMATIC WinCC V7.4', 'SIEMENS Siemens SIMATIC PCS 7 V8.1', 'SIEMENS Siemens SIMATIC PCS 7 V8.2', 'SIEMENS Siemens SIMATIC PCS 7 V9.0', 'Siemens OpenPCS 7 V9.0', 'Siemens SIMATIC BATCH V9.0', 'Siemens SIMATIC Route Control V9.0', 'SIEMENS SIMATIC WinCC（TIA Portal） 14.0.1', 'SIEMENS SIMATIC WinCC（TIA Portal） 15.1', 'SIEMENS SIMATIC WinCC（TIA Portal） 16', 'Siemens SIMATIC WinCC <7.5.1 Upd1', 'SIEMENS SIMATIC WinCC（TIA Portal） <13 SP2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-19282"
    }
  },
  "description": "Siemens SIMATIC PCS 7\u548cSIMATIC WinCC\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SIMATIC PCS 7\u662f\u4e00\u5957\u8fc7\u7a0b\u63a7\u5236\u7cfb\u7edf\u3002SIMATIC WinCC\u662f\u4e00\u5957\u81ea\u52a8\u5316\u7684\u6570\u636e\u91c7\u96c6\u4e0e\u76d1\u63a7\uff08SCADA\uff09\u7cfb\u7edf\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-23038",
  "openTime": "2020-04-16",
  "patchDescription": "Siemens SIMATIC PCS 7\u548cSIMATIC WinCC\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SIMATIC PCS 7\u662f\u4e00\u5957\u8fc7\u7a0b\u63a7\u5236\u7cfb\u7edf\u3002SIMATIC WinCC\u662f\u4e00\u5957\u81ea\u52a8\u5316\u7684\u6570\u636e\u91c7\u96c6\u4e0e\u76d1\u63a7\uff08SCADA\uff09\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-23038\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS SIMATIC NET PC-Software",
      "Siemens OpenPCS 7 V8.1",
      "Siemens OpenPCS 7 V8.2",
      "Siemens SIMATIC BATCH V8.1",
      "Siemens SIMATIC BATCH V8.2",
      "Siemens SIMATIC Route Control V8.1",
      "Siemens SIMATIC Route Control V8.2",
      "SIEMENS SIMATIC WinCC V7.3",
      "SIEMENS SIMATIC WinCC V7.4",
      "SIEMENS Siemens SIMATIC PCS 7 V8.1",
      "SIEMENS Siemens SIMATIC PCS 7 V8.2",
      "SIEMENS Siemens SIMATIC PCS 7 V9.0",
      "Siemens OpenPCS 7 V9.0",
      "Siemens SIMATIC BATCH V9.0",
      "Siemens SIMATIC Route Control V9.0",
      "SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 14.0.1",
      "SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 15.1",
      "SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 16",
      "Siemens SIMATIC WinCC \u003c7.5.1 Upd1",
      "SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 \u003c13 SP2"
    ]
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06",
  "serverity": "\u9ad8",
  "submitTime": "2020-02-12",
  "title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-23038\uff09"
}

FKIE_CVE-2019-19282

Vulnerability from fkie_nvd - Published: 2020-03-10 20:15 - Updated: 2024-11-21 04:34

Severity

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	openpcs_7	9.0
siemens	openpcs_7	9.0_update_1
siemens	simatic_batch	9.0
siemens	simatic_batch	9.0
siemens	simatic_batch	9.0
siemens	simatic_batch	9.0
siemens	simatic_batch	9.0
siemens	simatic_batch	9.0
siemens	simatic_net_pc	*
siemens	simatic_net_pc	16
siemens	simatic_pcs_7	8.1
siemens	simatic_pcs_7	8.2
siemens	simatic_pcs_7	9.0
siemens	simatic_pcs_7	9.0
siemens	simatic_pcs_7	9.0
siemens	simatic_route_control	*
siemens	simatic_route_control	9.0
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.4
siemens	simatic_wincc	7.5
siemens	simatic_wincc	7.5
siemens	simatic_wincc	7.5.1
siemens	simatic_wincc	13
siemens	simatic_wincc	13
siemens	simatic_wincc	14.0.1
siemens	simatic_wincc	15.1
siemens	simatic_wincc	15.1
siemens	simatic_wincc	15.1
siemens	simatic_wincc	15.1
siemens	simatic_wincc	15.1
siemens	simatic_wincc	16

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:openpcs_7:9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "1CBF717A-B2D4-459C-894A-65622570645D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:openpcs_7:9.0_update_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "957DDF70-1837-4E92-A707-944AD6ED4304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E54F6E83-C353-44FB-9F37-C03DA344A5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3E19D98B-B40A-4589-8C26-7722C25EEC63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_1:*:*:*:*:*:*",
              "matchCriteriaId": "85CDD274-B2B4-4DB0-9917-C16B5D900006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_2:*:*:*:*:*:*",
              "matchCriteriaId": "0B435D51-FFA2-4F19-9B51-404BB37D7F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_3:*:*:*:*:*:*",
              "matchCriteriaId": "AFBBC7D6-D1D4-452E-A744-B490CF002354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_4:*:*:*:*:*:*",
              "matchCriteriaId": "98BC62E3-4C0B-481A-9274-B9C785F8FDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "744B5953-511F-42CA-80A0-DBE36A6AA144",
              "versionEndExcluding": "16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:*",
              "matchCriteriaId": "496E3C43-5DA8-4983-8AC6-0F32454E22F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "858628AC-EA69-4D72-AE23-77A4A8DE2547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4A75F15-8F47-4348-A85C-D94BBA8F9992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A42E3FB0-6C66-4702-BDC8-39EEA54B5C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7AA0E077-AB19-473B-9454-8FED7188A2C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "19EA3CAD-E7CB-412F-A2EA-86A81EC25425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_route_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "885BA05F-BD8F-4DE9-BDD3-6C2C76418B05",
              "versionEndExcluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_route_control:9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "57073CE8-174E-429D-A721-AB14C7D16D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "3B0BD5DE-C6EF-4B89-831B-DA34DB0D68F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2637C346-8AAF-481F-AFB0-BAD4254D14F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_1:*:*:*:*:*:*",
              "matchCriteriaId": "9589FF11-4F9B-40F6-A6C6-55405B9EE351",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_10:*:*:*:*:*:*",
              "matchCriteriaId": "1DB57B3A-C3B6-4E61-9DAE-B12CEA8CD093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_11:*:*:*:*:*:*",
              "matchCriteriaId": "EA6B2933-9C44-480C-96DC-6DF8C88950AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_12:*:*:*:*:*:*",
              "matchCriteriaId": "45097864-DD87-4587-997B-792F0175472B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_13:*:*:*:*:*:*",
              "matchCriteriaId": "2FB24A30-0F93-430D-817E-05E4594C8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_2:*:*:*:*:*:*",
              "matchCriteriaId": "25237B9A-2E51-4F17-BD75-04D245CCC51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_3:*:*:*:*:*:*",
              "matchCriteriaId": "90643D49-9EFC-4B9A-99C8-266135DF2E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_4:*:*:*:*:*:*",
              "matchCriteriaId": "AC4D7B24-91FF-4891-ABC3-683A6C72ADDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_5:*:*:*:*:*:*",
              "matchCriteriaId": "D1DD77A4-1716-4793-AD73-79D04E3D2AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_6:*:*:*:*:*:*",
              "matchCriteriaId": "5E667123-6909-4DF2-8CEB-6E87E9FC48BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_7:*:*:*:*:*:*",
              "matchCriteriaId": "04A5C76A-5D6D-47F8-BEF7-503F9A89AD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_8:*:*:*:*:*:*",
              "matchCriteriaId": "E776629C-904C-49D6-BF3F-8520FA7D5DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_9:*:*:*:*:*:*",
              "matchCriteriaId": "805DAA15-03A3-4F63-90F7-EA130E5136F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "E79DA14E-419C-49BA-8E4F-2907E1D8937F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:-:*:*:*:*:*",
              "matchCriteriaId": "00A48A8E-C112-4778-8A7B-2386E88A0177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "D3D10C7E-5FD5-4B37-884B-B450DE5F800B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:13:-:*:*:*:*:*:*",
              "matchCriteriaId": "0D9FE447-2090-47D2-8667-5DC7605089BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:13:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "BB4FFADC-51F0-439F-9F80-D2B2614FFC39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5A7162-F1B5-4E74-99D6-4108AC4C49FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "50B77C2A-4D66-4407-8CA4-99C43ED72DDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "9794ED7E-EB17-4C95-B900-840A48758F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "57E82CFE-4191-4055-A0BA-EAB7BE96D947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "C4DBBDAA-BCAE-4B63-BDFC-3DD70DAD9B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "B5AF87C6-F8D6-4462-9DF5-B9D301002B1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:16:-:*:*:*:*:*:*",
              "matchCriteriaId": "A4316924-9EF8-4835-A2E4-0C81F4DE473D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions \u003c V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions \u003c V8.2 Upd12), SIMATIC BATCH V9.0 (All versions \u003c V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions \u003c V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions \u003c V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions \u003c V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions \u003c V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en OpenPCS 7 V8.1 (Todas las versiones), OpenPCS 7 V8.2 (Todas las versiones), OpenPCS 7 V9.0 (Todas las versiones anteriores a V9.0 Upd3), SIMATIC BATCH V8.1 (Todas las versiones), SIMATIC BATCH V8.2 (Todas las versiones), SIMATIC BATCH V9.0 (Todas las versiones anteriores a V9. 0 SP1 Upd5), SIMATIC NET PC Software V14 (Todas las versiones anteriores a V14 SP1 Update 14), SIMATIC NET PC Software V15 (Todas las versiones), SIMATIC NET PC Software V16 (Todas las versiones anteriores a V16 Update 1), SIMATIC PCS 7 V8.1 (Todas las versiones), SIMATIC PCS 7 V8.2 (Todas las versiones), SIMATIC PCS 7 V9.0 (Todas las versiones anteriores a V9. 0 SP3), SIMATIC Route Control V8.1 (Todas las versiones), SIMATIC Route Control V8.2 (Todas las versiones), SIMATIC Route Control V9.0 (Todas las versiones anteriores a V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (Todas las versiones anteriores a V13 SP2), SIMATIC WinCC (TIA Portal) V14 (Todas las versiones anteriores a V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15. 1 (Todas las versiones anteriores a V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (Todas las versiones anteriores a V16 Update 1), SIMATIC WinCC V7.3 (Todas las versiones), SIMATIC WinCC V7.4 (Todas las versiones anteriores a V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (Todas las versiones anteriores a V7.5 SP1 Update 1). A trav\u00e9s de mensajes especialmente dise\u00f1ados, cuando la comunicaci\u00f3n cifrada est\u00e1 habilitada, un atacante con acceso a la red podr\u00eda utilizar la vulnerabilidad para comprometer la disponibilidad del sistema causando una condici\u00f3n de denegaci\u00f3n de servicio. La explotaci\u00f3n exitosa no requiere privilegios del sistema ni interacci\u00f3n del usuario"
    }
  ],
  "id": "CVE-2019-19282",
  "lastModified": "2024-11-21T04:34:29.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-03-10T20:15:18.960",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-131"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GHSA-2PG9-8888-CQMC

Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2022-05-24 17:10

Details

A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC NET PC Software (All versions < V16 update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14.0.1 (All versions), SIMATIC WinCC (TIA Portal) V15.1 (All versions), SIMATIC WinCC (TIA Portal) V16 (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5.1 Upd1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-19282"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-131"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-10T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC NET PC Software (All versions \u003c V16 update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14.0.1 (All versions), SIMATIC WinCC (TIA Portal) V15.1 (All versions), SIMATIC WinCC (TIA Portal) V16 (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions \u003c V7.5.1 Upd1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.",
  "id": "GHSA-2pg9-8888-cqmc",
  "modified": "2022-05-24T17:10:36Z",
  "published": "2022-05-24T17:10:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19282"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-19282

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-19282

Aliases

CVE-2019-19282

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-19282",
    "description": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions \u003c V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions \u003c V9.0 SP1 Upd5), SIMATIC NET PC Software (All versions \u003c V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions \u003c V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions \u003c V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions \u003c V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.",
    "id": "GSD-2019-19282"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-19282"
      ],
      "details": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions \u003c V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions \u003c V8.2 Upd12), SIMATIC BATCH V9.0 (All versions \u003c V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions \u003c V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions \u003c V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions \u003c V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions \u003c V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction.",
      "id": "GSD-2019-19282",
      "modified": "2023-12-13T01:23:54.596139Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2019-19282",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "OpenPCS 7 V8.1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "OpenPCS 7 V8.2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "OpenPCS 7 V9.0",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V9.0 Upd3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC BATCH V8.1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC BATCH V8.2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V8.2 Upd12"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC BATCH V9.0",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V9.0 SP1 Upd5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC NET PC Software V14",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V14 SP1 Update 14"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC NET PC Software V15",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC NET PC Software V16",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V16 Update 1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC PCS 7 V8.1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC PCS 7 V8.2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC PCS 7 V9.0",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V9.0 SP3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC Route Control V8.1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC Route Control V8.2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC Route Control V9.0",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V9.0 Upd4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC WinCC (TIA Portal) V13",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V13 SP2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC WinCC (TIA Portal) V14",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V14 SP1 Update 10"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC WinCC (TIA Portal) V15.1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V15.1 Update 5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC WinCC (TIA Portal) V16",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V16 Update 1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC WinCC V7.3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC WinCC V7.4",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V7.4 SP1 Update 14"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC WinCC V7.5",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V7.5 SP1 Update 1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions \u003c V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions \u003c V8.2 Upd12), SIMATIC BATCH V9.0 (All versions \u003c V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions \u003c V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions \u003c V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions \u003c V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions \u003c V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-131",
                "lang": "eng",
                "value": "CWE-131: Incorrect Calculation of Buffer Size"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.5.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:14.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:13:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:13:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_route_control:9.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:-:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:15.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:openpcs_7:9.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_route_control:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:16:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:openpcs_7:9.0_update_1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2019-19282"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions \u003c V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions \u003c V8.2 Upd12), SIMATIC BATCH V9.0 (All versions \u003c V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions \u003c V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions \u003c V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions \u003c V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions \u003c V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-131"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-04-11T10:15Z",
      "publishedDate": "2020-03-10T20:15Z"
    }
  }
}

ICSA-20-042-06

Vulnerability from csaf_cisa - Published: 2020-02-11 00:00 - Updated: 2023-04-11 00:00

Summary

Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update G)

Notes

Summary: A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available. Note: The vulnerability is part of a shared component, used by various Siemens products (SIMATIC Communication Services - SCS). The installation of a fix version of any product also removes the vulnerability for other products on the same system, even if those products were not updated.

General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.

Critical infrastructure sectors: Multiple

Countries/areas deployed: Worldwide

Company headquarters location: Germany

Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CVE-2019-19282

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-131 - Incorrect Calculation of Buffer Size

Affected products

Known affected 22 products

Product	Version	Remediation
OpenPCS 7 V8.1 Siemens / OpenPCS 7 V8.1	vers:all/*	Mitigation No Fix Planned
OpenPCS 7 V8.2 Siemens / OpenPCS 7 V8.2	vers:all/*	Mitigation Mitigation No Fix Planned
OpenPCS 7 V9.0 Siemens / OpenPCS 7 V9.0	<V9.0_Upd3	Mitigation Vendor Fix
SIMATIC BATCH V8.1 Siemens / SIMATIC BATCH V8.1	vers:all/*	Mitigation No Fix Planned
SIMATIC BATCH V8.2 Siemens / SIMATIC BATCH V8.2	<vers:/_V8.2_Upd12	Mitigation Vendor Fix fix
SIMATIC BATCH V9.0 Siemens / SIMATIC BATCH V9.0	<V9.0_SP1_Upd5	Mitigation Vendor Fix
SIMATIC NET PC Software V14 Siemens / SIMATIC NET PC Software V14	<V14_SP1_Update_14	Mitigation Vendor Fix fix
SIMATIC NET PC Software V15 Siemens / SIMATIC NET PC Software V15	vers:all/*	Mitigation No Fix Planned
SIMATIC NET PC Software V16 Siemens / SIMATIC NET PC Software V16	<V16_Update_1	Mitigation Vendor Fix fix
SIMATIC PCS 7 V8.1 Siemens / SIMATIC PCS 7 V8.1	vers:all/*	Mitigation No Fix Planned
SIMATIC PCS 7 V8.2 Siemens / SIMATIC PCS 7 V8.2	vers:all/*	Mitigation Vendor Fix fix
SIMATIC PCS 7 V9.0 Siemens / SIMATIC PCS 7 V9.0	<V9.0_SP3	Mitigation Vendor Fix fix
SIMATIC Route Control V8.1 Siemens / SIMATIC Route Control V8.1	vers:all/*	Mitigation No Fix Planned
SIMATIC Route Control V8.2 Siemens / SIMATIC Route Control V8.2	vers:all/*	Mitigation Mitigation No Fix Planned
SIMATIC Route Control V9.0 Siemens / SIMATIC Route Control V9.0	<V9.0_Upd4	Mitigation Vendor Fix
SIMATIC WinCC (TIA Portal) V13 Siemens / SIMATIC WinCC (TIA Portal) V13	<V13_SP2	Mitigation Vendor Fix fix
SIMATIC WinCC (TIA Portal) V14 Siemens / SIMATIC WinCC (TIA Portal) V14	<V14_SP1_Update_10	Mitigation Vendor Fix fix
SIMATIC WinCC (TIA Portal) V15.1 Siemens / SIMATIC WinCC (TIA Portal) V15.1	<V15.1_Update_5	Mitigation Vendor Fix fix
SIMATIC WinCC (TIA Portal) V16 Siemens / SIMATIC WinCC (TIA Portal) V16	<V16_Update_1	Mitigation Vendor Fix fix
SIMATIC WinCC V7.3 Siemens / SIMATIC WinCC V7.3	vers:all/*	Mitigation No Fix Planned
SIMATIC WinCC V7.4 Siemens / SIMATIC WinCC V7.4	<V7.4_SP1_Update_14	Mitigation Vendor Fix fix
SIMATIC WinCC V7.5 Siemens / SIMATIC WinCC V7.5	<V7.5_SP1_Update_1	Mitigation Vendor Fix fix

References

12 references

URL	Category
https://cert-portal.siemens.com/productcert/csaf/…	self
https://cert-portal.siemens.com/productcert/html/…	self
https://cert-portal.siemens.com/productcert/pdf/s…	self
https://cert-portal.siemens.com/productcert/txt/s…	self
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-…	external
https://www.cisa.gov/resources-tools/resources/ic…	external
https://www.cisa.gov/topics/industrial-control-systems	external
https://us-cert.cisa.gov/sites/default/files/reco…	external
https://www.cisa.gov/sites/default/files/publicat…	external
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B	external

Acknowledgments

Siemens ProductCERT

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Siemens ProductCERT",
        "summary": "reporting this vulnerability to CISA."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow \nan attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.\n\nNote: The vulnerability is part of a shared component, used by various Siemens products (SIMATIC Communication Services - SCS). The installation of a fix version of any product also removes the vulnerability for other products on the same system, even if those products were not updated.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "other",
        "text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "other",
        "text": "Multiple",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-270778.json"
      },
      {
        "category": "self",
        "summary": "SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-270778.html"
      },
      {
        "category": "self",
        "summary": "SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-270778.txt"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-042-06 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-042-06.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-042-06 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-042-06"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update G)",
    "tracking": {
      "current_release_date": "2023-04-11T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-042-06",
      "initial_release_date": "2020-02-11T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-02-11T00:00:00.000000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2020-03-10T00:00:00.000000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added solution for SIMATIC NET PC Software"
        },
        {
          "date": "2020-04-14T00:00:00.000000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added solution for SIMATIC WinCC (TIA Portal) V16"
        },
        {
          "date": "2020-05-12T00:00:00.000000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added solution for SIMATIC WinCC V7.4"
        },
        {
          "date": "2020-07-14T00:00:00.000000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added solution for SIMATIC PCS 7 V9.0"
        },
        {
          "date": "2020-09-08T00:00:00.000000Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added solution for SIMATIC WinCC (TIA Portal) V15.1"
        },
        {
          "date": "2021-01-12T00:00:00.000000Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added solution for SIMATIC WinCC (TIA Portal) V14"
        },
        {
          "date": "2022-04-12T00:00:00.000000Z",
          "legacy_version": "1.7",
          "number": "8",
          "summary": "Added solution for SIMATIC PCS 7 V8.2 and related components; added solution for SIMATIC NET PC Software V14 and clarified affected versions; added a note regarding shared components"
        },
        {
          "date": "2023-04-11T00:00:00.000000Z",
          "legacy_version": "1.8",
          "number": "9",
          "summary": "Added fix for SIMATIC BATCH V8.2; updated fix information for OpenPCS 7 V8.2 and SIMATIC Route Control V8.2; added download links for SIMATIC PCS 7 V8.2 SP1 and V9.0 SP3"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "OpenPCS 7 V8.1",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "OpenPCS 7 V8.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "OpenPCS 7 V8.2",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "OpenPCS 7 V8.2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV9.0_Upd3",
                "product": {
                  "name": "OpenPCS 7 V9.0",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "OpenPCS 7 V9.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC BATCH V8.1",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC BATCH V8.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cvers:/_V8.2_Upd12",
                "product": {
                  "name": "SIMATIC BATCH V8.2",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC BATCH V8.2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV9.0_SP1_Upd5",
                "product": {
                  "name": "SIMATIC BATCH V9.0",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC BATCH V9.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV14_SP1_Update_14",
                "product": {
                  "name": "SIMATIC NET PC Software V14",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC NET PC Software V14"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC NET PC Software V15",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC NET PC Software V15"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV16_Update_1",
                "product": {
                  "name": "SIMATIC NET PC Software V16",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC NET PC Software V16"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC PCS 7 V8.1",
                  "product_id": "CSAFPID-0010"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS 7 V8.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC PCS 7 V8.2",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS 7 V8.2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV9.0_SP3",
                "product": {
                  "name": "SIMATIC PCS 7 V9.0",
                  "product_id": "CSAFPID-0012"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS 7 V9.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC Route Control V8.1",
                  "product_id": "CSAFPID-0013"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Route Control V8.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC Route Control V8.2",
                  "product_id": "CSAFPID-0014"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Route Control V8.2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV9.0_Upd4",
                "product": {
                  "name": "SIMATIC Route Control V9.0",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Route Control V9.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV13_SP2",
                "product": {
                  "name": "SIMATIC WinCC (TIA Portal) V13",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC (TIA Portal) V13"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV14_SP1_Update_10",
                "product": {
                  "name": "SIMATIC WinCC (TIA Portal) V14",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC (TIA Portal) V14"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV15.1_Update_5",
                "product": {
                  "name": "SIMATIC WinCC (TIA Portal) V15.1",
                  "product_id": "CSAFPID-0018"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC (TIA Portal) V15.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV16_Update_1",
                "product": {
                  "name": "SIMATIC WinCC (TIA Portal) V16",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC (TIA Portal) V16"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC WinCC V7.3",
                  "product_id": "CSAFPID-0020"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC V7.3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV7.4_SP1_Update_14",
                "product": {
                  "name": "SIMATIC WinCC V7.4",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC V7.4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV7.5_SP1_Update_1",
                "product": {
                  "name": "SIMATIC WinCC V7.5",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC V7.5"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19282",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011",
          "CSAFPID-0012",
          "CSAFPID-0013",
          "CSAFPID-0014",
          "CSAFPID-0015",
          "CSAFPID-0016",
          "CSAFPID-0017",
          "CSAFPID-0018",
          "CSAFPID-0019",
          "CSAFPID-0020",
          "CSAFPID-0021",
          "CSAFPID-0022"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Use VPN for protecting network communication between cells",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        },
        {
          "category": "mitigation",
          "details": "The vulnerability is fixed if SIMATIC WinCC V7.4 SP1 Update 14 or later version is installed on the same system",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0014"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0004",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0020"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V8.2 Upd12 or later version",
          "product_ids": [
            "CSAFPID-0005"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109757796/"
        },
        {
          "category": "vendor_fix",
          "details": "See remediation for SIMATIC PCS 7 V9.0",
          "product_ids": [
            "CSAFPID-0003",
            "CSAFPID-0006",
            "CSAFPID-0015"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V8.2 SP1; then update SIMATIC WinCC to V7.4 SP1 Update 14 or later version on the same system",
          "product_ids": [
            "CSAFPID-0011"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109758443/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V9.0 SP3 or later version",
          "product_ids": [
            "CSAFPID-0012"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109780584/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V13 SP2 or later version",
          "product_ids": [
            "CSAFPID-0016"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109759782/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V15.1 Update 5 or later version",
          "product_ids": [
            "CSAFPID-0018"
          ],
          "url": "https://support.industry.siemens.com/cs/us/en/view/109763890/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V16 Update 1 or later version",
          "product_ids": [
            "CSAFPID-0019"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109775861/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V7.4 SP1 Update 14 or later version",
          "product_ids": [
            "CSAFPID-0021"
          ],
          "url": "https://support.industry.siemens.com/cs/us/en/view/109779373/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V7.5 SP1 Update 1 or later version",
          "product_ids": [
            "CSAFPID-0022"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109773812/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V14 SP1 Update 10 or later version",
          "product_ids": [
            "CSAFPID-0017"
          ],
          "url": "https://support.industry.siemens.com/cs/us/en/view/109747387/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V14 SP1 Update 14 or later version",
          "product_ids": [
            "CSAFPID-0007"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109807351/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V16 Update 1 or later version",
          "product_ids": [
            "CSAFPID-0009"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109778547/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022"
          ]
        }
      ],
      "title": "CVE-2019-19282"
    }
  ]
}

SSA-270778

Vulnerability from csaf_siemens - Published: 2020-02-11 00:00 - Updated: 2023-04-11 00:00

Summary

SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software

Notes

Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

CVE-2019-19282

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-131 - Incorrect Calculation of Buffer Size

Affected products

Known affected 22 products

Product	Version	Remediation
OpenPCS 7 V8.1 Siemens / OpenPCS 7 V8.1	vers:all/*	Mitigation No Fix Planned
OpenPCS 7 V8.2 Siemens / OpenPCS 7 V8.2	vers:all/*	Mitigation Mitigation No Fix Planned
OpenPCS 7 V9.0 Siemens / OpenPCS 7 V9.0	All versions < V9.0 Upd3	Mitigation Vendor Fix
SIMATIC BATCH V8.1 Siemens / SIMATIC BATCH V8.1	vers:all/*	Mitigation No Fix Planned
SIMATIC BATCH V8.2 Siemens / SIMATIC BATCH V8.2	vers:all/<V8.2 Upd12	Mitigation Vendor Fix fix
SIMATIC BATCH V9.0 Siemens / SIMATIC BATCH V9.0	All versions < V9.0 SP1 Upd5	Mitigation Vendor Fix
SIMATIC NET PC Software V14 Siemens / SIMATIC NET PC Software V14	All versions < V14 SP1 Update 14	Mitigation Vendor Fix fix
SIMATIC NET PC Software V15 Siemens / SIMATIC NET PC Software V15	vers:all/*	Mitigation No Fix Planned
SIMATIC NET PC Software V16 Siemens / SIMATIC NET PC Software V16	All versions < V16 Update 1	Mitigation Vendor Fix fix
SIMATIC PCS 7 V8.1 Siemens / SIMATIC PCS 7 V8.1	vers:all/*	Mitigation No Fix Planned
SIMATIC PCS 7 V8.2 Siemens / SIMATIC PCS 7 V8.2	vers:all/*	Mitigation Vendor Fix fix
SIMATIC PCS 7 V9.0 Siemens / SIMATIC PCS 7 V9.0	All versions < V9.0 SP3	Mitigation Vendor Fix fix
SIMATIC Route Control V8.1 Siemens / SIMATIC Route Control V8.1	vers:all/*	Mitigation No Fix Planned
SIMATIC Route Control V8.2 Siemens / SIMATIC Route Control V8.2	vers:all/*	Mitigation Mitigation No Fix Planned
SIMATIC Route Control V9.0 Siemens / SIMATIC Route Control V9.0	All versions < V9.0 Upd4	Mitigation Vendor Fix
SIMATIC WinCC (TIA Portal) V13 Siemens / SIMATIC WinCC (TIA Portal) V13	All versions < V13 SP2	Mitigation Vendor Fix fix
SIMATIC WinCC (TIA Portal) V14 Siemens / SIMATIC WinCC (TIA Portal) V14	All versions < V14 SP1 Update 10	Mitigation Vendor Fix fix
SIMATIC WinCC (TIA Portal) V15.1 Siemens / SIMATIC WinCC (TIA Portal) V15.1	All versions < V15.1 Update 5	Mitigation Vendor Fix fix
SIMATIC WinCC (TIA Portal) V16 Siemens / SIMATIC WinCC (TIA Portal) V16	All versions < V16 Update 1	Mitigation Vendor Fix fix
SIMATIC WinCC V7.3 Siemens / SIMATIC WinCC V7.3	vers:all/*	Mitigation No Fix Planned
SIMATIC WinCC V7.4 Siemens / SIMATIC WinCC V7.4	All versions < V7.4 SP1 Update 14	Mitigation Vendor Fix fix
SIMATIC WinCC V7.5 Siemens / SIMATIC WinCC V7.5	All versions < V7.5 SP1 Update 1	Mitigation Vendor Fix fix

References

4 references

URL	Category
https://cert-portal.siemens.com/productcert/html/…	self
https://cert-portal.siemens.com/productcert/csaf/…	self
https://cert-portal.siemens.com/productcert/pdf/s…	self
https://cert-portal.siemens.com/productcert/txt/s…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow \nan attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.\n\nNote: The vulnerability is part of a shared component, used by various Siemens products (SIMATIC Communication Services - SCS). The installation of a fix version of any product also removes the vulnerability for other products on the same system, even if those products were not updated.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-270778.html"
      },
      {
        "category": "self",
        "summary": "SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-270778.json"
      },
      {
        "category": "self",
        "summary": "SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-270778.txt"
      }
    ],
    "title": "SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software",
    "tracking": {
      "current_release_date": "2023-04-11T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-270778",
      "initial_release_date": "2020-02-11T00:00:00Z",
      "revision_history": [
        {
          "date": "2020-02-11T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2020-03-10T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added solution for SIMATIC NET PC Software"
        },
        {
          "date": "2020-04-14T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added solution for SIMATIC WinCC (TIA Portal) V16"
        },
        {
          "date": "2020-05-12T00:00:00Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added solution for SIMATIC WinCC V7.4"
        },
        {
          "date": "2020-07-14T00:00:00Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added solution for SIMATIC PCS 7 V9.0"
        },
        {
          "date": "2020-09-08T00:00:00Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added solution for SIMATIC WinCC (TIA Portal) V15.1"
        },
        {
          "date": "2021-01-12T00:00:00Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added solution for SIMATIC WinCC (TIA Portal) V14"
        },
        {
          "date": "2022-04-12T00:00:00Z",
          "legacy_version": "1.7",
          "number": "8",
          "summary": "Added solution for SIMATIC PCS 7 V8.2 and related components; added solution for SIMATIC NET PC Software V14 and clarified affected versions; added a note regarding shared components"
        },
        {
          "date": "2023-04-11T00:00:00Z",
          "legacy_version": "1.8",
          "number": "9",
          "summary": "Added fix for SIMATIC BATCH V8.2; updated fix information for OpenPCS 7 V8.2 and SIMATIC Route Control V8.2; added download links for SIMATIC PCS 7 V8.2 SP1 and V9.0 SP3"
        }
      ],
      "status": "interim",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "OpenPCS 7 V8.1",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "OpenPCS 7 V8.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "OpenPCS 7 V8.2",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "OpenPCS 7 V8.2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V9.0 Upd3",
                "product": {
                  "name": "OpenPCS 7 V9.0",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "OpenPCS 7 V9.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC BATCH V8.1",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC BATCH V8.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/\u003cV8.2 Upd12",
                "product": {
                  "name": "SIMATIC BATCH V8.2",
                  "product_id": "5"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC BATCH V8.2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V9.0 SP1 Upd5",
                "product": {
                  "name": "SIMATIC BATCH V9.0",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC BATCH V9.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V14 SP1 Update 14",
                "product": {
                  "name": "SIMATIC NET PC Software V14",
                  "product_id": "7"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC NET PC Software V14"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC NET PC Software V15",
                  "product_id": "8"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC NET PC Software V15"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V16 Update 1",
                "product": {
                  "name": "SIMATIC NET PC Software V16",
                  "product_id": "9"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC NET PC Software V16"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC PCS 7 V8.1",
                  "product_id": "10"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS 7 V8.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC PCS 7 V8.2",
                  "product_id": "11"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS 7 V8.2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V9.0 SP3",
                "product": {
                  "name": "SIMATIC PCS 7 V9.0",
                  "product_id": "12"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS 7 V9.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC Route Control V8.1",
                  "product_id": "13"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Route Control V8.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC Route Control V8.2",
                  "product_id": "14"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Route Control V8.2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V9.0 Upd4",
                "product": {
                  "name": "SIMATIC Route Control V9.0",
                  "product_id": "15"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC Route Control V9.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V13 SP2",
                "product": {
                  "name": "SIMATIC WinCC (TIA Portal) V13",
                  "product_id": "16"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC (TIA Portal) V13"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V14 SP1 Update 10",
                "product": {
                  "name": "SIMATIC WinCC (TIA Portal) V14",
                  "product_id": "17"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC (TIA Portal) V14"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V15.1 Update 5",
                "product": {
                  "name": "SIMATIC WinCC (TIA Portal) V15.1",
                  "product_id": "18"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC (TIA Portal) V15.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V16 Update 1",
                "product": {
                  "name": "SIMATIC WinCC (TIA Portal) V16",
                  "product_id": "19"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC (TIA Portal) V16"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC WinCC V7.3",
                  "product_id": "20"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC V7.3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V7.4 SP1 Update 14",
                "product": {
                  "name": "SIMATIC WinCC V7.4",
                  "product_id": "21"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC V7.4"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V7.5 SP1 Update 1",
                "product": {
                  "name": "SIMATIC WinCC V7.5",
                  "product_id": "22"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC V7.5"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19282",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Use VPN for protecting network communication between cells",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22"
          ]
        },
        {
          "category": "mitigation",
          "details": "The vulnerability is fixed if SIMATIC WinCC V7.4 SP1 Update 14 or later version is installed on the same system",
          "product_ids": [
            "2",
            "14"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "1",
            "2",
            "4",
            "8",
            "10",
            "13",
            "14",
            "20"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V8.2 Upd12 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109757796/"
        },
        {
          "category": "vendor_fix",
          "details": "See remediation for SIMATIC PCS 7 V9.0",
          "product_ids": [
            "3",
            "6",
            "15"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V8.2 SP1; then update SIMATIC WinCC to V7.4 SP1 Update 14 or later version on the same system",
          "product_ids": [
            "11"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109758443/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V9.0 SP3 or later version",
          "product_ids": [
            "12"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109780584/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V13 SP2 or later version",
          "product_ids": [
            "16"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109759782/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V15.1 Update 5 or later version",
          "product_ids": [
            "18"
          ],
          "url": "https://support.industry.siemens.com/cs/us/en/view/109763890/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V16 Update 1 or later version",
          "product_ids": [
            "19"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109775861/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V7.4 SP1 Update 14 or later version",
          "product_ids": [
            "21"
          ],
          "url": "https://support.industry.siemens.com/cs/us/en/view/109779373/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V7.5 SP1 Update 1 or later version",
          "product_ids": [
            "22"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109773812/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V14 SP1 Update 10 or later version",
          "product_ids": [
            "17"
          ],
          "url": "https://support.industry.siemens.com/cs/us/en/view/109747387/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V14 SP1 Update 14 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109807351/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V16 Update 1 or later version",
          "product_ids": [
            "9"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109778547/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22"
          ]
        }
      ],
      "title": "CVE-2019-19282"
    }
  ]
}

VAR-202003-0764

Vulnerability from variot - Updated: 2023-12-18 11:29

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0764",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "14.0.1"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "15.1"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "16"
      },
      {
        "model": "openpcs 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "9.0_update_1"
      },
      {
        "model": "simatic pcs 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.2"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.4"
      },
      {
        "model": "openpcs 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "9.0"
      },
      {
        "model": "simatic net pc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "16"
      },
      {
        "model": "simatic route control",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "9.0"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.5.1"
      },
      {
        "model": "simatic net pc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "16"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.5"
      },
      {
        "model": "simatic pcs 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "9.0"
      },
      {
        "model": "simatic batch",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "9.0"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic pcs 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.1"
      },
      {
        "model": "simatic route control",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "9.0"
      },
      {
        "model": "simatic net pc software",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic openpcs 7",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic pcs 7",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic route control",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic wincc",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic net pc-software",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "openpcs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "7v8.1"
      },
      {
        "model": "openpcs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "7v8.2"
      },
      {
        "model": "simatic batch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v8.1"
      },
      {
        "model": "simatic batch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v8.2"
      },
      {
        "model": "simatic route control",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v8.1"
      },
      {
        "model": "simatic route control",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v8.2"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v7.3"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v7.4"
      },
      {
        "model": "simatic pcs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "7v8.1"
      },
      {
        "model": "simatic pcs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "7v8.2"
      },
      {
        "model": "simatic pcs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "7v9.0"
      },
      {
        "model": "openpcs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "7v9.0"
      },
      {
        "model": "simatic batch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v9.0"
      },
      {
        "model": "simatic route control",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v9.0"
      },
      {
        "model": "simatic wincc upd1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "7.5.1"
      },
      {
        "model": "simatic wincc sp2",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic wincc",
        "version": "13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "openpcs 7",
        "version": "8.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "openpcs 7",
        "version": "8.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "openpcs 7",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic batch",
        "version": "8.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic batch",
        "version": "8.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic batch",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic net pc",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic net pc",
        "version": "16"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic pcs 7",
        "version": "8.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic pcs 7",
        "version": "8.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic pcs 7",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic route control",
        "version": "8.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic route control",
        "version": "8.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic route control",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc",
        "version": "7.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc",
        "version": "7.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc",
        "version": "7.5.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc",
        "version": "14.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc",
        "version": "15.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc",
        "version": "16"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f4962b74-9c97-44a9-9a1d-5d93cf01f098"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23038"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014892"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19282"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.5.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:14.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:13:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:13:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_route_control:9.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:-:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:15.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:openpcs_7:9.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_route_control:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:16:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:openpcs_7:9.0_update_1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19282"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nicholas Miles from Tenable reported this vulnerability to Siemens.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-592"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-19282",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014892",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2020-23038",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "f4962b74-9c97-44a9-9a1d-5d93cf01f098",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-151713",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-19282",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014892",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-19282",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2019-19282",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014892",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-23038",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-592",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "f4962b74-9c97-44a9-9a1d-5d93cf01f098",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-151713",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-19282",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f4962b74-9c97-44a9-9a1d-5d93cf01f098"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014892"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19282"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-592"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions \u003c V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions \u003c V8.2 Upd12), SIMATIC BATCH V9.0 (All versions \u003c V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions \u003c V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions \u003c V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions \u003c V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions \u003c V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. \nSuccessful exploitation requires no system privileges and no user interaction. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) It may be put into a state. Both Siemens SIMATIC PCS 7 and SIMATIC WinCC are products of the German company Siemens. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is a set of automated data acquisition and monitoring (SCADA) system. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected:",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014892"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23038"
      },
      {
        "db": "IVD",
        "id": "f4962b74-9c97-44a9-9a1d-5d93cf01f098"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19282"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-19282",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-06",
        "trust": 2.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-270778",
        "trust": 1.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23038",
        "trust": 0.9
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-592",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014892",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-08",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-07",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-05",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-03",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-04",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-09",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-02",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-01",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-042-10",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0486",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0486.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0486.3",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "F4962B74-9C97-44A9-9A1D-5D93CF01F098",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-151713",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19282",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f4962b74-9c97-44a9-9a1d-5d93cf01f098"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014892"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-592"
      }
    ]
  },
  "id": "VAR-202003-0764",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "f4962b74-9c97-44a9-9a1d-5d93cf01f098"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151713"
      }
    ],
    "trust": 1.60788166625
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f4962b74-9c97-44a9-9a1d-5d93cf01f098"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23038"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:29:31.790000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-270778",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
      },
      {
        "title": "Patch for Multiple Siemens product input verification error vulnerabilities (CNVD-2020-23038)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/214033"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=800a481f0929c6152050035d1acdb727"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23038"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014892"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-131",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-151713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014892"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19282"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19282"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19282"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-04"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-03"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-02"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0486/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.3/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-042-06"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-042-06"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014892"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-592"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "f4962b74-9c97-44a9-9a1d-5d93cf01f098"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-151713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014892"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-592"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-11T00:00:00",
        "db": "IVD",
        "id": "f4962b74-9c97-44a9-9a1d-5d93cf01f098"
      },
      {
        "date": "2020-04-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-23038"
      },
      {
        "date": "2020-03-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151713"
      },
      {
        "date": "2020-03-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-19282"
      },
      {
        "date": "2020-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014892"
      },
      {
        "date": "2020-03-10T20:15:18.960000",
        "db": "NVD",
        "id": "CVE-2019-19282"
      },
      {
        "date": "2020-02-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-592"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-23038"
      },
      {
        "date": "2020-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-151713"
      },
      {
        "date": "2022-04-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-19282"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014892"
      },
      {
        "date": "2023-04-11T10:15:08.857000",
        "db": "NVD",
        "id": "CVE-2019-19282"
      },
      {
        "date": "2023-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-592"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-592"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation vulnerabilities in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014892"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation error",
    "sources": [
      {
        "db": "IVD",
        "id": "f4962b74-9c97-44a9-9a1d-5d93cf01f098"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-592"
      }
    ],
    "trust": 0.8
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-19282 (GCVE-0-2019-19282)

Solution

Solution

Tags

Sightings

Nomenclature