CVE-2019-6575 - Vulnerability Details

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.01124.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Siemens

SIMATIC CP 443-1 OPC UA

affected

Version	Status	Constraints
`All versions`	affected	—

Siemens

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)

affected

Version	Status	Constraints
`All versions < V2.7`	affected	—

Siemens

SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)

affected

Version	Status	Constraints
`All versions < V15.1 Upd 4`	affected	—

Siemens

SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)

affected

Version	Status	Constraints
`All versions < V15.1 Upd 4`	affected	—

Siemens

SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F

affected

Version	Status	Constraints
`All versions < V15.1 Upd 4`	affected	—

Siemens

SIMATIC IPC DiagMonitor

affected

Version	Status	Constraints
`All versions < V5.1.3`	affected	—

Siemens

SIMATIC NET PC Software V13

affected

Version	Status	Constraints
`All versions`	affected	—

Siemens

SIMATIC NET PC Software V14

affected

Version	Status	Constraints
`All versions < V14 SP1 Update 14`	affected	—

Siemens

SIMATIC NET PC Software V15

affected

Version	Status	Constraints
`All versions`	affected	—

Siemens

SIMATIC RF188C

affected

Version	Status	Constraints
`All versions < V1.1.0`	affected	—

Siemens

SIMATIC RF600R family

affected

Version	Status	Constraints
`All versions < V3.2.1`	affected	—

Siemens

SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)

affected

Version	Status	Constraints
`All versions >= V2.5 < V2.6.1`	affected	—

Siemens

SIMATIC S7-1500 Software Controller

affected

Version	Status	Constraints
`All versions between V2.5 (including) and V2.7 (excluding)`	affected	—

Siemens

SIMATIC WinCC OA

affected

Version	Status	Constraints
`All versions < V3.15 P018`	affected	—

Siemens

SIMATIC WinCC Runtime Advanced

affected

Version	Status	Constraints
`All versions < V15.1 Upd 4`	affected	—

Siemens

SINEC NMS

affected

Version	Status	Constraints
`All versions < V1.0 SP1`	affected	—

Siemens

SINEMA Server

affected

Version	Status	Constraints
`All versions < V14 SP2`	affected	—

Siemens

SINUMERIK OPC UA Server

affected

Version	Status	Constraints
`All versions < V2.1`	affected	—

Siemens

TeleControl Server Basic

affected

Version	Status	Constraints
`All versions < V3.1.1`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:siemens:simatic_cp443-1_opc_ua_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_cp443-1_opc_ua:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:simatic_et_200_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_et_200_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:simatic_ipc_diagmonitor_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:simatic_net_pc_software_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_pc_software:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf188c:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:simatic_rf600r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf600r:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*

Configuration 8 [-]

OR	cpe:2.3:a:siemens:opc_unified_architecture::::::::
	cpe:2.3:a:siemens:simatic_s7-1500_software_controller::::::::
	cpe:2.3:a:siemens:simatic_wincc_oa::::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_advanced::::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_comfort::::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_hsp_comfort::::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_mobile::::::::
	cpe:2.3:a:siemens:sinec-nms::::::::
	cpe:2.3:a:siemens:sinec-nms:1.0:-::::::
	cpe:2.3:a:siemens:sinema_server::::::::
	cpe:2.3:a:siemens:sinumerik_opc_ua_server::::::::
	cpe:2.3:a:siemens:telecontrol_server_basic::::::::

Configuration 9 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500f:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500s:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:15.1:-::::::
	cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:15.1:upd_1::::::
	cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:15.1:upd_2::::::
	cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:15.1:upd_3::::::

cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:15.1:-::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:15.1:upd_1::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:15.1:upd_2::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:15.1:upd_3::::::

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp400f:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:15.1:-::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:15.1:upd_1::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:15.1:upd_2::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:15.1:upd_3::::::

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:15.1:-::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:15.1:upd_1::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:15.1:upd_2::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:15.1:upd_3::::::

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700f:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:15.1:-::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:15.1:upd_1::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:15.1:upd_2::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:15.1:upd_3::::::

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

OR	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware::::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:15.1:-::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:15.1:upd_1::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:15.1:upd_2::::::
	cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:15.1:upd_3::::::

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900f:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Siemens Subscribe	Opc Unified Architecture Subscribe Simatic Cp443-1 Opc Ua Subscribe Simatic Cp443-1 Opc Ua Firmware Subscribe Simatic Et 200 Open Controller Cpu 1515sp Pc2 Subscribe Simatic Et 200 Open Controller Cpu 1515sp Pc2 Firmware Subscribe Simatic Hmi Comfort Outdoor Panels Subscribe Simatic Hmi Comfort Outdoor Panels Firmware Subscribe Simatic Hmi Ktp Mobile Panels Ktp400f Subscribe Simatic Hmi Ktp Mobile Panels Ktp400f Firmware Subscribe Simatic Hmi Ktp Mobile Panels Ktp700 Subscribe Simatic Hmi Ktp Mobile Panels Ktp700 Firmware Subscribe Simatic Hmi Ktp Mobile Panels Ktp700f Subscribe Simatic Hmi Ktp Mobile Panels Ktp700f Firmware Subscribe Simatic Hmi Ktp Mobile Panels Ktp900 Subscribe Simatic Hmi Ktp Mobile Panels Ktp900 Firmware Subscribe Simatic Hmi Ktp Mobile Panels Ktp900f Subscribe Simatic Hmi Ktp Mobile Panels Ktp900f Firmware Subscribe Simatic Ipc Diagmonitor Subscribe Simatic Ipc Diagmonitor Firmware Subscribe Simatic Net Pc Software Subscribe Simatic Net Pc Software Firmware Subscribe Simatic Rf188c Subscribe Simatic Rf188c Firmware Subscribe Simatic Rf600r Subscribe Simatic Rf600r Firmware Subscribe Simatic S7-1500 Subscribe Simatic S7-1500 Firmware Subscribe Simatic S7-1500 Software Controller Subscribe Simatic S7-1500f Subscribe Simatic S7-1500f Firmware Subscribe Simatic S7-1500s Subscribe Simatic S7-1500s Firmware Subscribe Simatic S7-1500t Subscribe Simatic S7-1500t Firmware Subscribe Simatic Wincc Oa Subscribe Simatic Wincc Runtime Advanced Subscribe Simatic Wincc Runtime Comfort Subscribe Simatic Wincc Runtime Hsp Comfort Subscribe Simatic Wincc Runtime Mobile Subscribe Sinec-nms Subscribe Sinema Server Subscribe Sinumerik Opc Ua Server Subscribe Telecontrol Server Basic Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2019-16134	A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2019-04-17T13:40:24

Updated: 2024-08-04T20:23:22.041Z

Reserved: 2019-01-22T00:00:00

Link: CVE-2019-6575

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-04-17T14:29:03.760

Modified: 2024-11-21T04:46:43.960

Link: CVE-2019-6575

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object