CVE-2019-6568 - Vulnerability Details

The webserver of the affected devices contains a vulnerability that may lead to
a denial of service condition. An attacker may cause a denial of service
situation which leads to a restart of the webserver of the affected device.

The security vulnerability could be exploited by an attacker with network
access to the affected systems. Successful exploitation requires no system
privileges and no user interaction. An attacker could use the vulnerability
to compromise availability of the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00408.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens Subscribe	Cp1604 Subscribe Cp1604 Firmware Subscribe Cp1616 Subscribe Cp1616 Firmware Subscribe Simatic Cp343-1 Advanced Subscribe Simatic Cp343-1 Advanced Firmware Subscribe Simatic Cp443-1 Subscribe Simatic Cp443-1 Advanced Subscribe Simatic Cp443-1 Advanced Firmware Subscribe Simatic Cp443-1 Firmware Subscribe Simatic Cp443-1 Opc Ua Subscribe Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Subscribe Simatic Et 200 Sp Open Controller Cpu 1515sp Pc2 Subscribe Simatic Et 200 Sp Open Controller Cpu 1515sp Pc2 Firmware Subscribe Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware Subscribe Simatic Hmi Comfort Outdoor Panels Subscribe Simatic Hmi Comfort Outdoor Panels Firmware Subscribe Simatic Hmi Comfort Panels Subscribe Simatic Hmi Comfort Panels Firmware Subscribe Simatic Hmi Ktp Mobile Panels Ktp400f Subscribe Simatic Hmi Ktp Mobile Panels Ktp400f Firmware Subscribe Simatic Hmi Ktp Mobile Panels Ktp700 Subscribe Simatic Hmi Ktp Mobile Panels Ktp700 Firmware Subscribe Simatic Hmi Ktp Mobile Panels Ktp700f Subscribe Simatic Hmi Ktp Mobile Panels Ktp700f Firmware Subscribe Simatic Hmi Ktp Mobile Panels Ktp900 Subscribe Simatic Hmi Ktp Mobile Panels Ktp900 Firmware Subscribe Simatic Hmi Ktp Mobile Panels Ktp900f Subscribe Simatic Hmi Ktp Mobile Panels Ktp900f Firmware Subscribe Simatic Ipc Diagmonitor Subscribe Simatic Rf181-eip Subscribe Simatic Rf181-eip Firmware Subscribe Simatic Rf182c Subscribe Simatic Rf182c Firmware Subscribe Simatic Rf185c Subscribe Simatic Rf185c Firmware Subscribe Simatic Rf186c Subscribe Simatic Rf186c Firmware Subscribe Simatic Rf188c Subscribe Simatic Rf188c Firmware Subscribe Simatic Rf600r Subscribe Simatic Rf600r Firmware Subscribe Simatic S7-1500 Subscribe Simatic S7-1500 Firmware Subscribe Simatic S7-1500 Software Controller Subscribe Simatic S7-1500f Subscribe Simatic S7-1500f Firmware Subscribe Simatic S7-1500s Subscribe Simatic S7-1500s Firmware Subscribe Simatic S7-1500t Subscribe Simatic S7-1500t Firmware Subscribe Simatic S7-300 Subscribe Simatic S7-300 Firmware Subscribe Simatic S7-400 Pn Subscribe Simatic S7-400 Pn\/dp Subscribe Simatic S7-400 Pn\/dp Firmware Subscribe Simatic S7-400 Pn Firmware Subscribe Simatic S7-plcsim Advanced Subscribe Simatic Teleservice Adapter Ie Advanced Subscribe Simatic Teleservice Adapter Ie Advanced Firmware Subscribe Simatic Teleservice Adapter Ie Basic Subscribe Simatic Teleservice Adapter Ie Basic Firmware Subscribe Simatic Teleservice Adapter Ie Standard Subscribe Simatic Teleservice Adapter Ie Standard Firmware Subscribe Simatic Winac Rtx Subscribe Simatic Winac Rtx Firmware Subscribe Simatic Wincc Runtime Advanced Subscribe Simocode Pro V Eip Subscribe Simocode Pro V Eip Firmware Subscribe Simocode Pro V Pn Subscribe Simocode Pro V Pn Firmware Subscribe Sinamics G130 Subscribe Sinamics G130 Firmware Subscribe Sinamics G150 Subscribe Sinamics G150 Firmware Subscribe Sinamics Gh150 Subscribe Sinamics Gh150 Firmware Subscribe Sinamics Gl150 Subscribe Sinamics Gl150 Firmware Subscribe Sinamics Gm150 Subscribe Sinamics Gm150 Firmware Subscribe Sinamics S120 Subscribe Sinamics S120 Firmware Subscribe Sinamics S150 Subscribe Sinamics S150 Firmware Subscribe Sinamics S210 Subscribe Sinamics S210 Firmware Subscribe Sinamics Sl150 Subscribe Sinamics Sl150 Firmware Subscribe Sinamics Sm120 Subscribe Sinamics Sm120 Firmware Subscribe Sinamics Sm150 Subscribe Sinamics Sm150 Firmware Subscribe Sitop Manager Subscribe Sitop Psu8600 Subscribe Sitop Psu8600 Firmware Subscribe Sitop Ups1600 Subscribe Sitop Ups1600 Firmware Subscribe Tim 1531 Irc Subscribe Tim 1531 Irc Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:siemens:cp1604_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:cp1604:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:cp1616_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:cp1616:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:simatic_rf185c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf185c:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:simatic_cp343-1_advanced_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_cp343-1_advanced:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:simatic_cp443-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_cp443-1:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:simatic_cp443-1_advanced_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_cp443-1_advanced:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:15.1:-::::::

cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:15.1:-::::::

cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:15.1:-::::::

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp400f:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:15.1:-::::::

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:15.1:-::::::

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700f:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:15.1:-::::::

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:15.1:-::::::

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900f:-:*:*:*:*:*:*:*

Configuration 16 [-]

OR	cpe:2.3:a:siemens:simatic_cp443-1_opc_ua::::::::
	cpe:2.3:a:siemens:simatic_ipc_diagmonitor::::::::
	cpe:2.3:a:siemens:simatic_s7-1500_software_controller::::::::
	cpe:2.3:a:siemens:simatic_s7-plcsim_advanced::::::::
	cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:2.0:-::::::
	cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:2.0:sp1::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_advanced::::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:-::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:update1::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:update2::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:update3::::::
	cpe:2.3:a:siemens:sitop_manager::::::::

Configuration 17 [-]

AND

cpe:2.3:o:siemens:simatic_rf600r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf600r:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf188c:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:siemens:simatic_rf186c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf186c:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:siemens:simatic_rf182c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf182c:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:siemens:simatic_rf181-eip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf181-eip:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:siemens:simatic_s7-300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-300:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:siemens:simatic_s7-400_pn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-400_pn:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:siemens:simatic_s7-400_pn\/dp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-400_pn\/dp:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_advanced_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_advanced:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_basic_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_basic:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_standard_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_standard:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

OR	cpe:2.3:o:siemens:simatic_winac_rtx_firmware::::::::
	cpe:2.3:o:siemens:simatic_winac_rtx_firmware:2010:-::::::

cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:siemens:simocode_pro_v_eip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simocode_pro_v_eip:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:siemens:simocode_pro_v_pn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simocode_pro_v_pn:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

OR	cpe:2.3:o:siemens:sinamics_s150_firmware::::::::
	cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:-::::::
	cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:sp1::::::
	cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:sp1_hotfix2::::::

cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

OR	cpe:2.3:o:siemens:sinamics_s210_firmware::::::::
	cpe:2.3:o:siemens:sinamics_s210_firmware:5.1:-::::::
	cpe:2.3:o:siemens:sinamics_s210_firmware:5.1:sp1::::::

cpe:2.3:h:siemens:sinamics_s210:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:siemens:sitop_psu8600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sitop_psu8600:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:siemens:sitop_ups1600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sitop_ups1600:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500f:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500s:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

OR	cpe:2.3:o:siemens:sinamics_gh150_firmware::::::::
	cpe:2.3:o:siemens:sinamics_gh150_firmware:4.8:-::::::

cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

OR	cpe:2.3:o:siemens:sinamics_gl150_firmware::::::::
	cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-::::::

cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

OR	cpe:2.3:o:siemens:sinamics_gm150_firmware::::::::
	cpe:2.3:o:siemens:sinamics_gm150_firmware:4.8:-::::::

cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

OR	cpe:2.3:o:siemens:sinamics_sl150_firmware::::::::
	cpe:2.3:o:siemens:sinamics_sl150_firmware:4.8:-::::::

cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

OR	cpe:2.3:o:siemens:sinamics_sm120_firmware::::::::
	cpe:2.3:o:siemens:sinamics_sm120_firmware:4.8:-::::::

cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

OR	cpe:2.3:o:siemens:sinamics_sm150_firmware::::::::
	cpe:2.3:o:siemens:sinamics_sm150_firmware:5.1:-::::::

cpe:2.3:h:siemens:sinamics_sm150:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-16127	The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2019-04-17T13:40:24

Updated: 2024-08-04T20:23:22.207Z

Reserved: 2019-01-22T00:00:00

Link: CVE-2019-6568

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-04-17T14:29:03.683

Modified: 2024-11-21T04:46:42.773

Link: CVE-2019-6568

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-125

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object