Search criteria
5 vulnerabilities found for cp1616 by siemens
VAR-201904-0174
Vulnerability from variot - Updated: 2023-12-18 13:18The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device.
The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensCP, SIAMTIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. Multiple Siemens products are prone to an unspecified denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. CP1616 is a communications processor. SIMATIC S7-1500 is a programmable logic controller. The vulnerability stems from the failure of the network system or product to properly validate the input data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinamics s210",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics gl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic s7-400 pn\\/dp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics g150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simocode pro v pn",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.3"
},
{
"model": "simocode pro v eip",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.3"
},
{
"model": "sinamics s150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sitop ups1600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "sinamics gh150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic rf186c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.0"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "sitop psu8600",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "sinamics sm150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic cp443-1 opc ua",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics s210",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic teleservice adapter ie basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "cp1604",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1500s",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "sinamics sl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic rf182c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics gm150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic s7-1500t",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic cp443-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics sm150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "simatic hmi ktp mobile panels ktp700f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic rf181-eip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "simatic hmi ktp mobile panels ktp400f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "cp1616",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic teleservice adapter ie standard",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-plcsim advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic ipc diagmonitor",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1.3"
},
{
"model": "simatic s7-300",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic hmi ktp mobile panels ktp900f",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic rf188c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.0"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic cp443-1 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics s120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "simatic s7-1500f",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "simatic wincc runtime advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinamics g130",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "simatic s7-400 pn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics gm150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1.6"
},
{
"model": "sinamics sm120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "simatic rf185c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.0"
},
{
"model": "simatic rf600r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1"
},
{
"model": "simatic s7-1500 software controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7"
},
{
"model": "simatic cp343-1 advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-plcsim advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic hmi ktp mobile panels ktp900",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "15.1"
},
{
"model": "sinamics gh150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6.1"
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sitop manager",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "simatic winac rtx",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "tim 1531 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "simatic cp 1543sp-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1604",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1616",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 343-1 advanced",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1 adv",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 443-1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc2",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf185c",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "sinamics s150",
"version": "5.1"
},
{
"model": "simatic winac rtx sp2 all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic s7-300 cpu family all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400 pn/dp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v7"
},
{
"model": "simatic s7-1500 software controller",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s120",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics g130 and g150",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf182c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp443-1 opc ua",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic ipc diagmonitor",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf188c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf600r",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp1604",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp1616",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et sp open controller cpu 1515sp pc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "200\u003cv2.1.6"
},
{
"model": "simatic hmi comfort panels 4\" 22\"",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi ktp mobile panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 cpu family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400 pn",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v6"
},
{
"model": "sinamics s150",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s210",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.1"
},
{
"model": "sinamics s210 sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.1"
},
{
"model": "tim irc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1531"
},
{
"model": "simatic hmi comfort outdoor panels 7\" \u0026 15\"",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf181-eip",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf186c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-plcsim advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie basic",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic teleservice adapter ie standard",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simocode pro eip",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v"
},
{
"model": "simocode pro pn",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v"
},
{
"model": "sitop manager",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sitop psu8600",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sitop ups1600",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siamtic rf185c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp343-1 advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp443-1",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp443-1 advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et sp open controller cpu 1515sp pc2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "200"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "sinamics s210",
"version": "5.1"
},
{
"model": "tim irc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15310"
},
{
"model": "sitop ups1600",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sitop psu8600",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sitop manager",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinamics s210 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "sinamics s120 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s120 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "sinamics g150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g150 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g150",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "sinamics g130 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g130 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "simocode pro pn",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v0"
},
{
"model": "simocode pro eip",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v0"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "20100"
},
{
"model": "simatic teleservice adapter ie standard",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic teleservice adapter ie basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic teleservice adapter ie advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-plcsim advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-400 pn/dp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7"
},
{
"model": "simatic s7-400 pn",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v60"
},
{
"model": "simatic s7-300 cpu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-1500 software controller",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic s7-1500 cpu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf600r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf188c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf186c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf185c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic rf182c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic ipc diagmonitor",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp900f mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp900 mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp700f mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp700 mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp400f mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic et200 open controller cpu 1515sp pc2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic et200 open controller cpu 1515sp pc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic cp opc ua",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "simatic cp advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "simatic cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "443-10"
},
{
"model": "simatic cp advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "343-10"
},
{
"model": "rfid 181-eip",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16160"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16040"
},
{
"model": "sinamics s150 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s150 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics s120 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics s120 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g150 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g150 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g130 sp1 hf4",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "sinamics g130 hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-300 cpu",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v3.x.16"
},
{
"model": "simatic et200 open controller cpu 1515sp pc",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.1.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp1604",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort panels",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp400f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp700",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp700f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp900",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi ktp mobile panels ktp900f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp443 1 opc ua",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic ipc diagmonitor",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 plcsim advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitop manager",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf600r",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf188c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf186c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp1616",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf182c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf181 eip",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 pn",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 pn dp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie basic",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic teleservice adapter ie standard",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx 2010",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf185c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simocode pro v eip",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simocode pro v pn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g130",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s210",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitop psu8600",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitop ups1600",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tim 1531 irc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp343 1 advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500f",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500t",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp443 1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic cp443 1 advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200 sp open controller cpu 1515sp pc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200 sp open controller cpu 1515sp pc2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic hmi comfort outdoor panels",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp1604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp1604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp1616_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp1616:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_rf185c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_rf185c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_cp343-1_advanced_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_cp343-1_advanced:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_cp443-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_cp443-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_cp443-1_advanced_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_cp443-1_advanced:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:15.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:15.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:15.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp400f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:15.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:15.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:15.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:15.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_cp443-1_opc_ua:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sitop_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:update1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:2.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:2.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_rf600r_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_rf600r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_rf188c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_rf186c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_rf186c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_rf182c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_rf182c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_rf181-eip_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_rf181-eip:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_pn_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_pn\\/dp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_advanced_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_advanced:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_basic_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_basic:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_standard_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_standard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2010",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:2010:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simocode_pro_v_eip_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simocode_pro_v_eip:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simocode_pro_v_pn_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simocode_pro_v_pn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:sp1_hotfix2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s210_firmware:5.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s210_firmware:5.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_s210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sitop_psu8600_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sitop_psu8600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sitop_ups1600_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sitop_ups1600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500f_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gh150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gh150_firmware:4.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:4.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:4.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_sm120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_sm120_firmware:4.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_sm150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_sm150_firmware:5.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_sm150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6568",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6568",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-12904",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158003",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6568",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6568",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2019-6568",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-12904",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-458",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158003",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device. \r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensCP, SIAMTIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. Multiple Siemens products are prone to an unspecified denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\", SIMATIC HMI Comfort Panels 4\" - 22\", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. CP1616 is a communications processor. SIMATIC S7-1500 is a programmable logic controller. The vulnerability stems from the failure of the network system or product to properly validate the input data",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "VULHUB",
"id": "VHN-158003"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6568",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-06",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-480230",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-530931",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-227-04",
"trust": 1.4
},
{
"db": "BID",
"id": "107842",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-12904",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.3150",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1204.2",
"trust": 0.6
},
{
"db": "IVD",
"id": "A397CC8B-EE17-4FAF-8447-E9EE5F57DD12",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158003",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
]
},
"id": "VAR-201904-0174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
}
],
"trust": 1.5889605512962963
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
}
]
},
"last_update_date": "2023-12-18T13:18:48.243000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-480230",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"title": "SSA-530931",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
},
{
"title": "Patches for multiple Siemens product denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/160237"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=91286"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-06"
},
{
"trust": 2.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6568"
},
{
"trust": 0.9,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6568"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3150/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-06"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-099-06"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/107842"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-denial-of-service-via-webserver-28976"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78710"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"db": "VULHUB",
"id": "VHN-158003"
},
{
"db": "BID",
"id": "107842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-05T00:00:00",
"db": "IVD",
"id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12"
},
{
"date": "2019-05-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-158003"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107842"
},
{
"date": "2019-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"date": "2019-04-17T14:29:03.683000",
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"date": "2019-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-12904"
},
{
"date": "2023-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-158003"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107842"
},
{
"date": "2019-08-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003541"
},
{
"date": "2023-04-11T10:15:09.153000",
"db": "NVD",
"id": "CVE-2019-6568"
},
{
"date": "2023-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to input validation in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003541"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-458"
}
],
"trust": 0.6
}
}
VAR-201910-1596
Vulnerability from variot - Updated: 2023-12-18 12:43A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. Multiple Siemens products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-300 CPU is a modular universal controller for the manufacturing industry from Siemens. The products in the Siemens SIMATIC S7-400 CPU family have been designed for process control in industrial environments. SIMATIC WinAC RTX (F) 2010 is a simatic software controller for PC-based automation solutions. Siemens SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs).
A denial of service vulnerability exists in several Siemens products. A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations. Siemens CP1616, etc. are all products of Siemens (Siemens) in Germany. CP1616 is a communications processor. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. SCALANCE X-200IRT is an industrial Ethernet switch. The following products and versions are affected: Siemens SIMATIC NET CP 1616 before V2.8; SINUMERIK 840D sl (all versions); SCALANCE X-200IRT series (including SIPLUS NET variants) before V5.2.1; SIMATIC ET200S (including SIPLUS variants) (full version) etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1596",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic et 200m",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200s",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200ecopn",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pn/pn coupler 6es7158-3ad01-0xa0",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "sinumerik 828d",
"version": "4.8"
},
{
"model": "simatic s7-300 cpu",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic s7-300 cpu 314",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinamics gl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g110m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "ek-ertec 200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5.0"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinumerik 828d",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics gh150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic winac rtx \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "sinamics s150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-300 cpu 315-2 dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic s7-300 cpu 312 ifm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic s7-300 cpu 315",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinamics s110",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics dcp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "simatic s7-300 cpu 314 ifm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinumerik 840d sl",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-300 cpu 318-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "cp1604",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "ek-ertec 200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5.0"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics gm150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic et 200ecopn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics dcm",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "ek-ertec 200p",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5.0"
},
{
"model": "simatic s7-300 cpu 313",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "cp1616",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "simotion",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics sl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinumerik 828d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-400 dp v7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic et 200m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-400 pn v7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic winac rtx \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "dk standard ethernet controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.1"
},
{
"model": "sinamics s120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic pn\\/pn coupler 6es7158-3ad01-0xa0",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics g110m",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g130",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic et 200s",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics gm150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-400 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "dk standard ethernet controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.1"
},
{
"model": "simatic s7-300 cpu 316-2 dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "scalance x-200irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.1"
},
{
"model": "sinamics g120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics gh150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics dcm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "cp1604",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "cp1616",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "dk standard ethernet controller",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec 200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec 200p p",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x-200irt",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200pro",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics dcp",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinumerik 840d sl",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp1604",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "cp1616",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "dk standard ethernet controller patch",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.1.105"
},
{
"model": "ek-ertec 200p patch",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.5.001"
},
{
"model": "ek-ertec 200p",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.5.0"
},
{
"model": "scalance x-200irt",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.2.1"
},
{
"model": "simatic s7-300 cpu family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400 and below",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v6"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic s7-400 pn/dp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v7"
},
{
"model": "sinamics dcm hf1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.5"
},
{
"model": "sinumerik 828d sp5",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.8"
},
{
"model": "sinamics g110m sp10 hf5",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7\u003cv4.7"
},
{
"model": "sinamics g120 sp10 hf5",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7\u003cv4.7"
},
{
"model": "sinamics g130 hf29",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7\u003cv4.7"
},
{
"model": "sinamics g150",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.8"
},
{
"model": "sinamics gh150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics gm150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics s110",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s120 hf34",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7\u003cv4.7"
},
{
"model": "sinamics s150",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.8"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dk standard ethernet controller",
"version": "4.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp1604",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pn pn coupler 6es7158 3ad01 0xa0",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 312 ifm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 313",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 314",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 314 ifm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 315",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 315 2 dp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 316 2 dp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 318 2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp1616",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 v6",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 pn v7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 dp v7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx f 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simotion",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcm",
"version": "1.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g110m",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g110m",
"version": "4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g120",
"version": "4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g130",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g130",
"version": "4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dk standard ethernet controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics gh150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics gl150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics gm150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s110",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s120",
"version": "4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics sl150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics sm120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinumerik 828d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200",
"version": "4.5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinumerik 840d sl",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200p",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x 200irt",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200m",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200ecopn",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp1604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp1604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp1616_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp1616:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_firmware:4.5.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200ecopn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_312_ifm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_312_ifm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_313_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_313:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_314_ifm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_314_ifm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_316-2_dp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_316-2_dp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_cpu_318-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300_cpu_318-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_v6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_pn_v7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_pn_v7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_dp_v7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400_dp_v7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2010",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\):-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simotion_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simotion:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120_firmware:4.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_g120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:4.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gh150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gh150_firmware:4.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:4.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s110_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_s110:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:4.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sinamics_sm120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinumerik_828d:4.8:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinumerik_840d_sl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10923"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to CISA. Artem Zinenko of Kaspersky reported to Siemens that SIPLUS is also affected.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10923",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10923",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41280",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-142518",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10923",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10923",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2019-10923",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-41280",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-565",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142518",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "VULHUB",
"id": "VHN-142518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. Multiple Siemens products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-300 CPU is a modular universal controller for the manufacturing industry from Siemens. The products in the Siemens SIMATIC S7-400 CPU family have been designed for process control in industrial environments. SIMATIC WinAC RTX (F) 2010 is a simatic software controller for PC-based automation solutions. Siemens SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). \n\nA denial of service vulnerability exists in several Siemens products. A vulnerability has been identified in CP1604 (All versions \u003c V2.8), CP1616 (All versions \u003c V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions \u003c V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions \u003c V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions \u003c V4.5.0), SCALANCE X-200IRT (All versions \u003c V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations. Siemens CP1616, etc. are all products of Siemens (Siemens) in Germany. CP1616 is a communications processor. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. SCALANCE X-200IRT is an industrial Ethernet switch. The following products and versions are affected: Siemens SIMATIC NET CP 1616 before V2.8; SINUMERIK 840D sl (all versions); SCALANCE X-200IRT series (including SIPLUS NET variants) before V5.2.1; SIMATIC ET200S (including SIPLUS variants) (full version) etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10923"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "VULHUB",
"id": "VHN-142518"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10923",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-349422",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-283-01",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-41280",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.3812",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3812.2",
"trust": 0.6
},
{
"db": "IVD",
"id": "B7DE1C6D-2642-4DF7-860F-BFE6735515F5",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-142518",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "VULHUB",
"id": "VHN-142518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
]
},
"id": "VAR-201910-1596",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "VULHUB",
"id": "VHN-142518"
}
],
"trust": 1.6264974596969697
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
}
]
},
"last_update_date": "2023-12-18T12:43:15.593000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-349422",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
},
{
"title": "Patch for Multiple Siemens Product Denial of Service Vulnerabilities (CNVD-2019-41280)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/184335"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-283-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10923"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10923"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3812/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3812.2/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-denial-of-service-via-irt-30559"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-283-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "VULHUB",
"id": "VHN-142518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "VULHUB",
"id": "VHN-142518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"date": "2019-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-142518"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"date": "2019-10-10T14:15:14.503000",
"db": "NVD",
"id": "CVE-2019-10923"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"date": "2023-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-142518"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"date": "2023-05-09T13:15:12.763000",
"db": "NVD",
"id": "CVE-2019-10923"
},
{
"date": "2023-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to resource depletion in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
],
"trust": 0.8
}
}
VAR-201904-0635
Vulnerability from variot - Updated: 2023-12-18 12:28A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known. CP 1604 and CP 1616 Contains an information disclosure vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO. The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. A denial of service vulnerability exists in the SIEMENS CP1604 and CP1616 devices. Siemens CP1604 and CP1616 are prone to following security vulnerabilities: 1. An information disclosure vulnerability 2. A cross-site-scripting vulnerability 3. A cross-site request-forgery vulnerability Attackers can exploit these issues to obtain sensitive information, or execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. The following products and versions are vulnerable: All versions prior to Siemens CP1604 2.8 All versions prior to Siemens CP1616 2.8
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0635",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp 1604",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1616",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1604",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1616",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp1604",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "cp1616",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.7.2"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.1"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.7.2"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.1"
},
{
"model": "cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.8"
},
{
"model": "cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp 1604",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp 1616",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d8409c1-463f-11e9-b3c4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00987"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015276"
},
{
"db": "NVD",
"id": "CVE-2018-13808"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp_1604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp_1604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp_1616_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp_1616:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13808"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-520"
}
],
"trust": 0.6
},
"cve": "CVE-2018-13808",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-13808",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-00987",
"impactScore": 9.2,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d8409c1-463f-11e9-b3c4-000c29342cb1",
"impactScore": 9.2,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-123904",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-13808",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-13808",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-00987",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-520",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d8409c1-463f-11e9-b3c4-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-123904",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d8409c1-463f-11e9-b3c4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00987"
},
{
"db": "VULHUB",
"id": "VHN-123904"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015276"
},
{
"db": "NVD",
"id": "CVE-2018-13808"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-520"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known. CP 1604 and CP 1616 Contains an information disclosure vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO. The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. A denial of service vulnerability exists in the SIEMENS CP1604 and CP1616 devices. Siemens CP1604 and CP1616 are prone to following security vulnerabilities:\n1. An information disclosure vulnerability\n2. A cross-site-scripting vulnerability\n3. A cross-site request-forgery vulnerability\nAttackers can exploit these issues to obtain sensitive information, or execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. \nThe following products and versions are vulnerable:\nAll versions prior to Siemens CP1604 2.8\nAll versions prior to Siemens CP1616 2.8",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13808"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015276"
},
{
"db": "CNVD",
"id": "CNVD-2019-00987"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "IVD",
"id": "7d8409c1-463f-11e9-b3c4-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-123904"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13808",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-559174",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-043-06",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201902-520",
"trust": 0.9
},
{
"db": "BID",
"id": "106992",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-00987",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015276",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0442",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D8409C1-463F-11E9-B3C4-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-123904",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d8409c1-463f-11e9-b3c4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00987"
},
{
"db": "VULHUB",
"id": "VHN-123904"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015276"
},
{
"db": "NVD",
"id": "CVE-2018-13808"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-520"
}
]
},
"id": "VAR-201904-0635",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d8409c1-463f-11e9-b3c4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00987"
},
{
"db": "VULHUB",
"id": "VHN-123904"
}
],
"trust": 1.7125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d8409c1-463f-11e9-b3c4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00987"
}
]
},
"last_update_date": "2023-12-18T12:28:24.232000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-559174",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
},
{
"title": "SIEMENS CP1604 and CP1616 device denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/149585"
},
{
"title": "Siemens CP1604 and CP1616 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89331"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00987"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015276"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-520"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123904"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015276"
},
{
"db": "NVD",
"id": "CVE-2018-13808"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13808"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-06"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13808"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-043-06"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/106992"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75478"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00987"
},
{
"db": "VULHUB",
"id": "VHN-123904"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015276"
},
{
"db": "NVD",
"id": "CVE-2018-13808"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-520"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d8409c1-463f-11e9-b3c4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00987"
},
{
"db": "VULHUB",
"id": "VHN-123904"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015276"
},
{
"db": "NVD",
"id": "CVE-2018-13808"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-520"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-10T00:00:00",
"db": "IVD",
"id": "7d8409c1-463f-11e9-b3c4-000c29342cb1"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00987"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-123904"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "106992"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015276"
},
{
"date": "2019-04-17T14:29:02.590000",
"db": "NVD",
"id": "CVE-2018-13808"
},
{
"date": "2019-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-520"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00987"
},
{
"date": "2019-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-123904"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "106992"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015276"
},
{
"date": "2019-07-11T22:15:10.247000",
"db": "NVD",
"id": "CVE-2018-13808"
},
{
"date": "2019-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-520"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-520"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CP 1604 and CP 1616 Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015276"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-520"
}
],
"trust": 0.6
}
}
VAR-201904-0637
Vulnerability from variot - Updated: 2023-12-18 12:28A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known. CP 1604 and CP 1616 Contains a cross-site request forgery vulnerability.Information may be tampered with. The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO. The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. Siemens CP1604 and CP1616 are prone to following security vulnerabilities: 1. An information disclosure vulnerability 2. A cross-site-scripting vulnerability 3. A cross-site request-forgery vulnerability Attackers can exploit these issues to obtain sensitive information, or execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. The following products and versions are vulnerable: All versions prior to Siemens CP1604 2.8 All versions prior to Siemens CP1616 2.8. The vulnerability stems from the fact that the WEB application does not fully verify whether the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0637",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp 1604",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1616",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1604",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1616",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp1604",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "cp1616",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.7.2"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.1"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.7.2"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.1"
},
{
"model": "cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.8"
},
{
"model": "cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp 1604",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp 1616",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp_1604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp_1604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp_1616_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp_1616:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13810"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
],
"trust": 0.6
},
"cve": "CVE-2018-13810",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-13810",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-00989",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-123907",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-13810",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-13810",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-00989",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-526",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-123907",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "VULHUB",
"id": "VHN-123907"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known. CP 1604 and CP 1616 Contains a cross-site request forgery vulnerability.Information may be tampered with. The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO. The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. Siemens CP1604 and CP1616 are prone to following security vulnerabilities:\n1. An information disclosure vulnerability\n2. A cross-site-scripting vulnerability\n3. A cross-site request-forgery vulnerability\nAttackers can exploit these issues to obtain sensitive information, or execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. \nThe following products and versions are vulnerable:\nAll versions prior to Siemens CP1604 2.8\nAll versions prior to Siemens CP1616 2.8. The vulnerability stems from the fact that the WEB application does not fully verify whether the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-123907"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13810",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-559174",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-043-06",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526",
"trust": 0.9
},
{
"db": "BID",
"id": "106992",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-00989",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0442",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D8457DE-463F-11E9-A2A6-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-123907",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "VULHUB",
"id": "VHN-123907"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"id": "VAR-201904-0637",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "VULHUB",
"id": "VHN-123907"
}
],
"trust": 1.7125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
}
]
},
"last_update_date": "2023-12-18T12:28:24.309000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-559174",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
},
{
"title": "Patch for cross-site request forgery vulnerability for SIEMENS CP1604 and CP1616 devices",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/149597"
},
{
"title": "Siemens CP1604 and CP1616 Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89337"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123907"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13810"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-06"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13810"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-043-06"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/106992"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75478"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "VULHUB",
"id": "VHN-123907"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "VULHUB",
"id": "VHN-123907"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-10T00:00:00",
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-123907"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "106992"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"date": "2019-04-17T14:29:03.230000",
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"date": "2019-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"date": "2019-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-123907"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "106992"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"date": "2019-07-11T22:15:10.873000",
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"date": "2019-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CP 1604 and CP 1616 Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
],
"trust": 0.6
}
}
VAR-201904-0636
Vulnerability from variot - Updated: 2023-12-18 12:28A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known. CP 1604 and CP 1616 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO. The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. A cross-site scripting vulnerability exists in the SIEMENS CP1604 and CP1616 devices. An attacker could exploit a vulnerability to make a trusted user spoofed to track a malicious link. Siemens CP1604 and CP1616 are prone to following security vulnerabilities: 1. An information disclosure vulnerability 2. A cross-site-scripting vulnerability 3. A cross-site request-forgery vulnerability Attackers can exploit these issues to obtain sensitive information, or execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. The following products and versions are vulnerable: All versions prior to Siemens CP1604 2.8 All versions prior to Siemens CP1616 2.8. The vulnerability stems from the lack of correct verification of client data in WEB applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0636",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp 1604",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1616",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1604",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1616",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp1604",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "cp1616",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.7.2"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.1"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.7.2"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.1"
},
{
"model": "cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.8"
},
{
"model": "cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp 1604",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp 1616",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457df-463f-11e9-8e53-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00988"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015275"
},
{
"db": "NVD",
"id": "CVE-2018-13809"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp_1604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp_1604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp_1616_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp_1616:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13809"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-524"
}
],
"trust": 0.6
},
"cve": "CVE-2018-13809",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-13809",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-00988",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d8457df-463f-11e9-8e53-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-123905",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-13809",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-13809",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-00988",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-524",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d8457df-463f-11e9-8e53-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-123905",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457df-463f-11e9-8e53-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00988"
},
{
"db": "VULHUB",
"id": "VHN-123905"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015275"
},
{
"db": "NVD",
"id": "CVE-2018-13809"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-524"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known. CP 1604 and CP 1616 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO. The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. A cross-site scripting vulnerability exists in the SIEMENS CP1604 and CP1616 devices. An attacker could exploit a vulnerability to make a trusted user spoofed to track a malicious link. Siemens CP1604 and CP1616 are prone to following security vulnerabilities:\n1. An information disclosure vulnerability\n2. A cross-site-scripting vulnerability\n3. A cross-site request-forgery vulnerability\nAttackers can exploit these issues to obtain sensitive information, or execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. \nThe following products and versions are vulnerable:\nAll versions prior to Siemens CP1604 2.8\nAll versions prior to Siemens CP1616 2.8. The vulnerability stems from the lack of correct verification of client data in WEB applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13809"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015275"
},
{
"db": "CNVD",
"id": "CNVD-2019-00988"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "IVD",
"id": "7d8457df-463f-11e9-8e53-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-123905"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13809",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-559174",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-043-06",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201902-524",
"trust": 0.9
},
{
"db": "BID",
"id": "106992",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-00988",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015275",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0442",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D8457DF-463F-11E9-8E53-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-123905",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457df-463f-11e9-8e53-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00988"
},
{
"db": "VULHUB",
"id": "VHN-123905"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015275"
},
{
"db": "NVD",
"id": "CVE-2018-13809"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-524"
}
]
},
"id": "VAR-201904-0636",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d8457df-463f-11e9-8e53-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00988"
},
{
"db": "VULHUB",
"id": "VHN-123905"
}
],
"trust": 1.7125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457df-463f-11e9-8e53-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00988"
}
]
},
"last_update_date": "2023-12-18T12:28:24.271000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-559174",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
},
{
"title": "Patch for SIEMENS CP1604 and CP1616 device cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/149595"
},
{
"title": "Siemens CP1604 and CP1616 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89335"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00988"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015275"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-524"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123905"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015275"
},
{
"db": "NVD",
"id": "CVE-2018-13809"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13809"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-06"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13809"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-043-06"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/106992"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75478"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00988"
},
{
"db": "VULHUB",
"id": "VHN-123905"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015275"
},
{
"db": "NVD",
"id": "CVE-2018-13809"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-524"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d8457df-463f-11e9-8e53-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00988"
},
{
"db": "VULHUB",
"id": "VHN-123905"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015275"
},
{
"db": "NVD",
"id": "CVE-2018-13809"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-524"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-10T00:00:00",
"db": "IVD",
"id": "7d8457df-463f-11e9-8e53-000c29342cb1"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00988"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-123905"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "106992"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015275"
},
{
"date": "2019-04-17T14:29:02.840000",
"db": "NVD",
"id": "CVE-2018-13809"
},
{
"date": "2019-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-524"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00988"
},
{
"date": "2019-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-123905"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "106992"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015275"
},
{
"date": "2019-07-11T22:15:10.717000",
"db": "NVD",
"id": "CVE-2018-13809"
},
{
"date": "2019-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-524"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-524"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CP 1604 and CP 1616 Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015275"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-524"
}
],
"trust": 0.6
}
}