SSA-593272
Vulnerability from csaf_siemens
Published
2020-04-14 00:00
Modified
2024-05-14 00:00
Summary
SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices

Notes

Summary
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.



{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability exists in affected products that could allow remote attackers to affect\nthe availability of the devices under certain conditions.\n\nThe underlying TCP stack can be forced to make very computation expensive calls\nfor every incoming packet which can lead to a Denial-of-Service.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-593272.html"
      },
      {
        "category": "self",
        "summary": "SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-593272.json"
      },
      {
        "category": "self",
        "summary": "SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-593272.txt"
      }
    ],
    "title": "SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices",
    "tracking": {
      "current_release_date": "2024-05-14T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-593272",
      "initial_release_date": "2020-04-14T00:00:00Z",
      "revision_history": [
        {
          "date": "2020-04-14T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2020-05-12T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added SIMATIC S7-400 H V6 CPU family and below to the list of affected products"
        },
        {
          "date": "2021-03-09T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (P) to the list of affected products"
        },
        {
          "date": "2022-02-08T00:00:00Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "No remediation planned for SIMATIC ET200 devices"
        },
        {
          "date": "2022-03-11T00:00:00Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added mitigation measure for SIMATIC S7-300 and S7-400"
        },
        {
          "date": "2022-03-28T00:00:00Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Updated fix and mitigation measures for SIMATIC S7-300 and S7-400"
        },
        {
          "date": "2022-04-12T00:00:00Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Cleanup due to template changes, no change of contents"
        },
        {
          "date": "2022-06-14T00:00:00Z",
          "legacy_version": "1.7",
          "number": "8",
          "summary": "Added SIMATIC S7-1200 CPU family, ET200SP/MP/AL/EcoPN and PN/xx Coupler to the list of affected products"
        },
        {
          "date": "2022-12-13T00:00:00Z",
          "legacy_version": "1.8",
          "number": "9",
          "summary": "Added fix for SIMATIC S7-410 CPU family (incl. SIPLUS variants)"
        },
        {
          "date": "2023-01-10T00:00:00Z",
          "legacy_version": "1.9",
          "number": "10",
          "summary": "Removed fix for SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) and added SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) to the list of affected products"
        },
        {
          "date": "2023-02-14T00:00:00Z",
          "legacy_version": "2.0",
          "number": "11",
          "summary": "Added additional SIMATIC ET200ecoPN products (CM 4x IO-Link, M12-L / CM 8x IO-Link, M12-L / AI 8xRTD/TC, M12-L) to the list of affected products"
        },
        {
          "date": "2024-05-14T00:00:00Z",
          "legacy_version": "2.1",
          "number": "12",
          "summary": "Added fix for several SIMATIC ET200ecoPN devices"
        }
      ],
      "status": "interim",
      "version": "12"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "KTK ATE530S",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "KTK ATE530S"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIDOOR ATD430W",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "SIDOOR ATD430W"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIDOOR ATE530S COATED",
                  "product_id": "5"
                }
              }
            ],
            "category": "product_name",
            "name": "SIDOOR ATE530S COATED"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIDOOR ATE531S",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "SIDOOR ATE531S"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC ET200AL IM157-1 PN",
                  "product_id": "7"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200AL IM157-1 PN"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V5.1.1\u003cV5.1.2",
                "product": {
                  "name": "SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0)",
                  "product_id": "8",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7144-6JF00-0BB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V5.1.1",
                "product": {
                  "name": "SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0)",
                  "product_id": "9",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7148-6JE00-0BB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V5.1.1",
                "product": {
                  "name": "SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0)",
                  "product_id": "10",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7148-6JG00-0BB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V5.1.1",
                "product": {
                  "name": "SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0)",
                  "product_id": "11",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7148-6JJ00-0BB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V5.1.1\u003cV5.1.2",
                "product": {
                  "name": "SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0)",
                  "product_id": "12",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7141-6BG00-0BB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V5.1.1\u003cV5.1.2",
                "product": {
                  "name": "SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0)",
                  "product_id": "13",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7141-6BH00-0BB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V5.1.1\u003cV5.1.3",
                "product": {
                  "name": "SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0)",
                  "product_id": "14",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7143-6BH00-0BB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V5.1.1\u003cV5.1.2",
                "product": {
                  "name": "SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0)",
                  "product_id": "15",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7142-6BG00-0BB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V5.1.1\u003cV5.1.2",
                "product": {
                  "name": "SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0)",
                  "product_id": "16",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7142-6BR00-0BB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V4.2",
                "product": {
                  "name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)",
                  "product_id": "17"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC ET200SP IM155-6 MF HF",
                  "product_id": "18"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200SP IM155-6 MF HF"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)",
                  "product_id": "19"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V4.2",
                "product": {
                  "name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)",
                  "product_id": "20"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V4.2",
                "product": {
                  "name": "SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)",
                  "product_id": "21"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V4.2",
                "product": {
                  "name": "SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)",
                  "product_id": "22"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0)",
                  "product_id": "23",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7154-8AB01-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0)",
                  "product_id": "24",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7154-8FB01-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0)",
                  "product_id": "25",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7154-8FX00-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0)",
                  "product_id": "26",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7151-8AB01-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0)",
                  "product_id": "27",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7151-8FB01-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.0",
                "product": {
                  "name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
                  "product_id": "28"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.0",
                "product": {
                  "name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
                  "product_id": "29"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC MICRO-DRIVE PDC",
                  "product_id": "30"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC MICRO-DRIVE PDC"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0)",
                  "product_id": "31",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7158-3MU10-0XA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V4.2",
                "product": {
                  "name": "SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0)",
                  "product_id": "32",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7158-3AD10-0XA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0)",
                  "product_id": "33",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7314-6EH04-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0)",
                  "product_id": "34",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7315-2EH14-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0)",
                  "product_id": "35",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7315-2FJ14-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0)",
                  "product_id": "36",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7315-7TJ10-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0)",
                  "product_id": "37",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7317-2EK14-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0)",
                  "product_id": "38",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7317-2FK14-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0)",
                  "product_id": "39",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7317-7TK10-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0)",
                  "product_id": "40",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7317-7UL10-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0)",
                  "product_id": "41",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7318-3EL01-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0)",
                  "product_id": "42",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7318-3FL01-0AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)",
                  "product_id": "43"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
                  "product_id": "44"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
                  "product_id": "45"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)",
                  "product_id": "46"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV4.4.0",
                "product": {
                  "name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
                  "product_id": "47"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.0",
                "product": {
                  "name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
                  "product_id": "48"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.0",
                "product": {
                  "name": "SIMATIC S7-1500 Software Controller",
                  "product_id": "49"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 Software Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC TDC CP51M1",
                  "product_id": "50"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC TDC CP51M1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC TDC CPU555",
                  "product_id": "51"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC TDC CPU555"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0)",
                  "product_id": "52",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7671-0RC08-0YA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0)",
                  "product_id": "53",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6ES7671-1RC08-0YA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SINAMICS S/G Control Unit w. PROFINET",
                  "product_id": "54"
                }
              }
            ],
            "category": "product_name",
            "name": "SINAMICS S/G Control Unit w. PROFINET"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0)",
                  "product_id": "55",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1151-8AB01-7AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0)",
                  "product_id": "56",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1151-8FB01-2AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=V4.2",
                "product": {
                  "name": "SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0)",
                  "product_id": "57",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG2158-3AD10-4XA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0)",
                  "product_id": "58",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1314-6EH04-7AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0)",
                  "product_id": "59",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1315-2EH14-7AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0)",
                  "product_id": "60",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1315-2FJ14-2AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0)",
                  "product_id": "61",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1317-2EK14-7AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0)",
                  "product_id": "62",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6AG1317-2FK14-2AB0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19300",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "23",
          "24",
          "25",
          "26",
          "27",
          "29",
          "28",
          "7",
          "8",
          "9",
          "10",
          "11",
          "13",
          "12",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "30",
          "31",
          "32",
          "47",
          "48",
          "49",
          "33",
          "34",
          "35",
          "36",
          "37",
          "38",
          "39",
          "40",
          "41",
          "42",
          "43",
          "44",
          "46",
          "45",
          "50",
          "51",
          "52",
          "53",
          "54",
          "55",
          "56",
          "57",
          "58",
          "59",
          "60",
          "61",
          "62"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead",
          "product_ids": [
            "33",
            "34",
            "35",
            "36",
            "37",
            "38",
            "39",
            "40",
            "41",
            "42",
            "43",
            "44",
            "46",
            "45",
            "58",
            "59",
            "60",
            "61",
            "62"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "23",
            "24",
            "25",
            "26",
            "27",
            "7",
            "9",
            "10",
            "11",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "30",
            "31",
            "32",
            "33",
            "34",
            "35",
            "36",
            "37",
            "38",
            "39",
            "40",
            "41",
            "42",
            "43",
            "44",
            "50",
            "51",
            "52",
            "53",
            "54",
            "55",
            "56",
            "57",
            "58",
            "59",
            "60",
            "61",
            "62"
          ]
        },
        {
          "category": "none_available",
          "details": "Currently no fix is available",
          "product_ids": [
            "46",
            "45"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.0 or later version",
          "product_ids": [
            "29"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.0 or later version",
          "product_ids": [
            "28"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.1.2 or later version",
          "product_ids": [
            "8",
            "13",
            "12",
            "15",
            "16"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.1.3 or later version",
          "product_ids": [
            "14"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V20.8 or later version",
          "product_ids": [
            "49"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109772864/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V4.5.2 or later version",
          "product_ids": [
            "47"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.8 or later version",
          "product_ids": [
            "48"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109773807/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "23",
            "24",
            "25",
            "26",
            "27",
            "29",
            "28",
            "7",
            "8",
            "9",
            "10",
            "11",
            "13",
            "12",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "30",
            "31",
            "32",
            "47",
            "48",
            "49",
            "33",
            "34",
            "35",
            "36",
            "37",
            "38",
            "39",
            "40",
            "41",
            "42",
            "43",
            "44",
            "46",
            "45",
            "50",
            "51",
            "52",
            "53",
            "54",
            "55",
            "56",
            "57",
            "58",
            "59",
            "60",
            "61",
            "62"
          ]
        }
      ],
      "title": "CVE-2019-19300"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.