Vulnerability-Lookup

BDU:2019-01782

Vulnerability from fstec - Published: 09.04.2019

Title

Уязвимость веб-сервера программно-аппаратного обеспечения Siemens, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость веб-сервера программно-аппаратного обеспечения Siemens связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Siemens AG

Software Name

SIMATIC RF182C, SIMATIC CP 343-1 Advanced, SIMATIC CP 443-1 OPC-UA, SIMATIC HMI KTP Mobile Panels, SIMATIC IPC DiagMonitor, SIMATIC S7-400 PN/DP, TIM 1531 IRC, SIMATIC RF188C, SIMATIC RF600R, SIMATIC WinCC Runtime Advanced, CP1604, CP1616, SIMATIC RF185C, SIMATIC CP 443-1, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC HMI Comfort Outdoor Panels 7" and 15", SIMATIC HMI Comfort 4 -22" Panels, SIMATIC RF181-EIP, SIMATIC RF186C, SIMATIC S7-300 CPU family, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX 2010, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130, SINAMICS G150, SINAMICS S120, SINAMICS S150, SINAMICS S210, SITOP Manager, SITOP PSU8600, SITOP UPS1600, SIMATIC CP 443-1 Advanced, SIMATIC S7-400 PN включая F, SIMATIC S7-1500 CPU family, SIMATIC S7-PLCSIM Advanced, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC S7-1500 Software Controller, SINAMICS SM120, SINAMICS SL150, SINAMICS GH150, SINAMICS GL150, SINAMICS GM150, SINAMICS SM150

Software Version

- (SIMATIC RF182C), - (SIMATIC CP 343-1 Advanced), - (SIMATIC CP 443-1 OPC-UA), - (SIMATIC HMI KTP Mobile Panels), - (SIMATIC IPC DiagMonitor), 7 (SIMATIC S7-400 PN/DP), - (TIM 1531 IRC), - (SIMATIC RF188C), - (SIMATIC RF600R), - (SIMATIC WinCC Runtime Advanced), - (CP1604), - (CP1616), - (SIMATIC RF185C), - (SIMATIC CP 443-1), до 2.1.6 (SIMATIC ET 200 SP Open Controller CPU 1515SP PC), - (SIMATIC HMI Comfort Outdoor Panels 7" and 15"), - (SIMATIC HMI Comfort 4 -22" Panels), - (SIMATIC RF181-EIP), - (SIMATIC RF186C), 3.х.16 (SIMATIC S7-300 CPU family), - (SIMATIC Teleservice Adapter IE Advanced), - (SIMATIC Teleservice Adapter IE Basic), - (SIMATIC Teleservice Adapter IE Standard), - (SIMATIC WinAC RTX 2010), - (SIMOCODE pro V EIP), - (SIMOCODE pro V PN), 4.6 (SINAMICS G130), 4.7 (SINAMICS G130), 4.7 SP1 (SINAMICS G130), от 4.8 до 4.8 HF6 (SINAMICS G130), 5.1 (SINAMICS G130), 5.1 SP1 (SINAMICS G130), 4.6 (SINAMICS G150), 4.7 (SINAMICS G150), 4.7 SP1 (SINAMICS G150), от 4.8 до 4.8 HF6 (SINAMICS G150), 5.1 (SINAMICS G150), от 5.1 SP1 до 5.1 SP1 HF4 (SINAMICS G150), 4.6 (SINAMICS S120), 4.7 (SINAMICS S120), 4.7 SP1 (SINAMICS S120), от 4.8 до 4.8 HF6 (SINAMICS S120), 5.1 (SINAMICS S120), от 5.1 SP1 до 5.1 SP1 HF4 (SINAMICS S120), 4.6 (SINAMICS S150), 4.7 (SINAMICS S150), 4.7 SP1 (SINAMICS S150), 4.8 (SINAMICS S150), 5.1 (SINAMICS S150), 5.1 SP1 (SINAMICS S150), 5.1 (SINAMICS S210), 5.1 SP1 (SINAMICS S210), - (SITOP Manager), - (SITOP PSU8600), - (SITOP UPS1600), - (SIMATIC CP 443-1 Advanced), до 6 включительно (SIMATIC S7-400 PN включая F), до 2.6.1 (SIMATIC S7-1500 CPU family), до 2.0 SP1 UPD1 (SIMATIC S7-PLCSIM Advanced), до 2.7 (SIMATIC ET 200 SP Open Controller CPU 1515SP PC2), до 2.7 (SIMATIC S7-1500 Software Controller), V4.7 (SINAMICS SM120), от V4.7 до V4.7 HF33 (SINAMICS SL150), от V4.7 до V4.8 SP2 HF9 (SINAMICS GH150), от V4.8 до V4.8 SP2 HF6 (SINAMICS GH150), от V4.7 до V4.8 SP2 HF9 (SINAMICS GL150), от V4.8 до V4.8 SP2 HF7 (SINAMICS GL150), от V4.7 до V4.8 SP2 HF9 (SINAMICS GM150), V4.8 (SINAMICS SL150), V4.8 (SINAMICS SM120), от V4.8 до V5.1 SP2 HF3 (SINAMICS SM150)

Possible Mitigations

Обновление программного обеспечения: Для SIMATIC ET 200 SP Open Controller CPU 1515SP PC до V2.1.6: https://support.industry.siemens.com/cs/ww/de/view/109759122 Для SIMATIC S7-1500 CPU family до V2.6.1: https://support.industry.siemens.com/cs/ww/en/view/109478459/ Для SIMATIC S7-300 CPU family до V3.X.16: https://support.industry.siemens.com/cs/ww/en/ps/13752/dl Для SIMATIC S7-PLCSIM Advanced до V2.0 SP1 UPD1: https://support.industry.siemens.com/cs/de/de/view/109764222 Для SINAMICS G130 (V4.6, V4.7, V4.7 SP1), SINAMICS G150 (V4.6, V4.7 SP1), SINAMICS S150 (V4.6, V4.7 SP1) до V5.2: https://support.industry.siemens.com/cs/ww/en/view/109764679/ Для SINAMICS G130 (V4.8 ), SINAMICS G150 (V4.8 ) и SINAMICS S150 (V4.8) до V4.8 HF6: https://support.industry.siemens.com/cs/ww/en/view/109742040 Для SINAMICS G130 (V5.1 SP1), SINAMICS G150 (V5.1 SP1) и SINAMICS S150 (V5.1 SP1) до V5.1 SP1 HF4: https://support.industry.siemens.com/cs/ww/en/view/109765015 Для SINAMICS S120 (V4.6, V4.7 SP1) до V5.2: https://support.industry.siemens.com/cs/ww/en/view/109762626 Для SINAMICS S120 (V4.8) до V4.8 HF6: https://support.industry.siemens.com/cs/ww/en/view/109740193 Для SINAMICS S120 (V5.1 SP1) до V5.1 SP1 HF4: https://support.industry.siemens.com/cs/ww/en/view/109758423 Для SIMATIC S7-1500 Software Controller до V2.7: https://support.industry.siemens.com/cs/ww/en/view/109478528 Для SIMATIC ET 200 SP Open Controller CPU1515SP PC2 до V2.7: https://support.industry.siemens.com/cs/ww/en/view/109759122 Для SINAMICS GH150 V4.7, SINAMICS GH150 V4.8, SINAMICS GL150 V4.7, SINAMICS GL150 V4.8, SINAMICS GM150 V4.7 и SINAMICS GM150 V4.8 до V4.8 SP2 HF9: Необходимо обратиться в службу поддержки Для SINAMICS SM150 V4.8 до V5.1 SP2 HF3: Необходимо обратиться в службу поддержки Для SINAMICS SL150 V4.7 до V4.7 HF33: Необходимо обратиться в службу поддержки Компенсирующие меры: Ограничение доступа к встроенному веб-серверу или деактивирование веб-сервера, если он не используется Для SINAMICS S, SINAMICS G130, SINAMICS G150: Обновление программного обеспечения до новой фиксированной версии, например до V5.2

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-6568 https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (SIMATIC RF182C), - (SIMATIC CP 343-1 Advanced), - (SIMATIC CP 443-1 OPC-UA), - (SIMATIC HMI KTP Mobile Panels), - (SIMATIC IPC DiagMonitor), 7 (SIMATIC S7-400 PN/DP), - (TIM 1531 IRC), - (SIMATIC RF188C), - (SIMATIC RF600R), - (SIMATIC WinCC Runtime Advanced), - (CP1604), - (CP1616), - (SIMATIC RF185C), - (SIMATIC CP 443-1), \u0434\u043e 2.1.6 (SIMATIC ET 200 SP Open Controller CPU 1515SP PC), - (SIMATIC HMI Comfort Outdoor Panels 7\" and 15\"), - (SIMATIC HMI Comfort 4 -22\" Panels), - (SIMATIC RF181-EIP), - (SIMATIC RF186C), 3.\u0445.16 (SIMATIC S7-300 CPU family), - (SIMATIC Teleservice Adapter IE Advanced), - (SIMATIC Teleservice Adapter IE Basic), - (SIMATIC Teleservice Adapter IE Standard), - (SIMATIC WinAC RTX 2010), - (SIMOCODE pro V EIP), - (SIMOCODE pro V PN), 4.6 (SINAMICS G130), 4.7 (SINAMICS G130), 4.7 SP1 (SINAMICS G130), \u043e\u0442 4.8 \u0434\u043e 4.8 HF6 (SINAMICS G130), 5.1 (SINAMICS G130), 5.1 SP1 (SINAMICS G130), 4.6 (SINAMICS G150), 4.7 (SINAMICS G150), 4.7 SP1 (SINAMICS G150), \u043e\u0442 4.8 \u0434\u043e 4.8 HF6 (SINAMICS G150), 5.1 (SINAMICS G150), \u043e\u0442 5.1 SP1 \u0434\u043e 5.1 SP1 HF4 (SINAMICS G150), 4.6 (SINAMICS S120), 4.7 (SINAMICS S120), 4.7 SP1 (SINAMICS S120), \u043e\u0442 4.8 \u0434\u043e 4.8 HF6 (SINAMICS S120), 5.1 (SINAMICS S120), \u043e\u0442 5.1 SP1 \u0434\u043e 5.1 SP1 HF4 (SINAMICS S120), 4.6 (SINAMICS S150), 4.7 (SINAMICS S150), 4.7 SP1 (SINAMICS S150), 4.8 (SINAMICS S150), 5.1 (SINAMICS S150), 5.1 SP1 (SINAMICS S150), 5.1 (SINAMICS S210), 5.1 SP1 (SINAMICS S210), - (SITOP Manager), - (SITOP PSU8600), - (SITOP UPS1600), - (SIMATIC CP 443-1 Advanced), \u0434\u043e 6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SIMATIC S7-400 PN \u0432\u043a\u043b\u044e\u0447\u0430\u044f F), \u0434\u043e 2.6.1 (SIMATIC S7-1500 CPU family), \u0434\u043e 2.0 SP1 UPD1 (SIMATIC S7-PLCSIM Advanced), \u0434\u043e 2.7 (SIMATIC ET 200 SP Open Controller CPU 1515SP PC2), \u0434\u043e 2.7 (SIMATIC S7-1500 Software Controller), V4.7 (SINAMICS SM120), \u043e\u0442 V4.7 \u0434\u043e V4.7 HF33 (SINAMICS SL150), \u043e\u0442 V4.7 \u0434\u043e V4.8 SP2 HF9 (SINAMICS GH150), \u043e\u0442 V4.8 \u0434\u043e V4.8 SP2 HF6 (SINAMICS GH150), \u043e\u0442 V4.7 \u0434\u043e V4.8 SP2 HF9 (SINAMICS GL150), \u043e\u0442 V4.8 \u0434\u043e V4.8 SP2 HF7 (SINAMICS GL150), \u043e\u0442 V4.7 \u0434\u043e V4.8 SP2 HF9 (SINAMICS GM150), V4.8 (SINAMICS SL150), V4.8 (SINAMICS SM120), \u043e\u0442 V4.8 \u0434\u043e V5.1 SP2 HF3 (SINAMICS SM150)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f:\n\u0414\u043b\u044f SIMATIC ET 200 SP Open Controller CPU 1515SP PC \u0434\u043e V2.1.6:\nhttps://support.industry.siemens.com/cs/ww/de/view/109759122\n\n\u0414\u043b\u044f SIMATIC S7-1500 CPU family \u0434\u043e V2.6.1:\nhttps://support.industry.siemens.com/cs/ww/en/view/109478459/\n\n\u0414\u043b\u044f SIMATIC S7-300 CPU family \u0434\u043e V3.X.16:\nhttps://support.industry.siemens.com/cs/ww/en/ps/13752/dl\n\n\u0414\u043b\u044f SIMATIC S7-PLCSIM Advanced \u0434\u043e V2.0 SP1 UPD1:\nhttps://support.industry.siemens.com/cs/de/de/view/109764222\n\n\u0414\u043b\u044f SINAMICS G130 (V4.6, V4.7, V4.7 SP1), SINAMICS G150 (V4.6, V4.7 SP1), SINAMICS S150 (V4.6, V4.7 SP1) \u0434\u043e V5.2:\nhttps://support.industry.siemens.com/cs/ww/en/view/109764679/\n\n\u0414\u043b\u044f SINAMICS G130 (V4.8 ), SINAMICS G150 (V4.8 ) \u0438 SINAMICS S150 (V4.8)  \u0434\u043e V4.8 HF6:\nhttps://support.industry.siemens.com/cs/ww/en/view/109742040\n\n\u0414\u043b\u044f SINAMICS G130 (V5.1 SP1), SINAMICS G150 (V5.1 SP1) \u0438 SINAMICS S150 (V5.1 SP1) \u0434\u043e V5.1 SP1 HF4:\nhttps://support.industry.siemens.com/cs/ww/en/view/109765015\n\n\u0414\u043b\u044f SINAMICS S120 (V4.6, V4.7 SP1) \u0434\u043e V5.2:\nhttps://support.industry.siemens.com/cs/ww/en/view/109762626\n\n\u0414\u043b\u044f SINAMICS S120 (V4.8) \u0434\u043e V4.8 HF6:\nhttps://support.industry.siemens.com/cs/ww/en/view/109740193\n\n\u0414\u043b\u044f SINAMICS S120 (V5.1 SP1) \u0434\u043e V5.1 SP1 HF4:\nhttps://support.industry.siemens.com/cs/ww/en/view/109758423\n\n\u0414\u043b\u044f SIMATIC S7-1500 Software Controller \u0434\u043e  V2.7:\nhttps://support.industry.siemens.com/cs/ww/en/view/109478528\n\n\u0414\u043b\u044f SIMATIC ET 200 SP Open Controller CPU1515SP PC2 \u0434\u043e V2.7:\nhttps://support.industry.siemens.com/cs/ww/en/view/109759122\n\n\n\u0414\u043b\u044f SINAMICS GH150 V4.7, SINAMICS GH150 V4.8, SINAMICS GL150 V4.7, SINAMICS GL150 V4.8, SINAMICS GM150 V4.7 \u0438 SINAMICS GM150 V4.8 \u0434\u043e V4.8 SP2 HF9:\n\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u044c\u0441\u044f \u0432 \u0441\u043b\u0443\u0436\u0431\u0443 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438\n \n\u0414\u043b\u044f SINAMICS SM150 V4.8 \u0434\u043e V5.1 SP2 HF3:\n\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u044c\u0441\u044f \u0432 \u0441\u043b\u0443\u0436\u0431\u0443 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438\n\n\u0414\u043b\u044f SINAMICS SL150 V4.7 \u0434\u043e V4.7 HF33:\n\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u044c\u0441\u044f \u0432 \u0441\u043b\u0443\u0436\u0431\u0443 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0438\u043b\u0438 \u0434\u0435\u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u0435\u0441\u043b\u0438 \u043e\u043d \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f\n\n\u0414\u043b\u044f SINAMICS S, SINAMICS G130, SINAMICS G150:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u043d\u043e\u0432\u043e\u0439 \u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u0434\u043e V5.2",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.04.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.06.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.05.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01782",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-6568",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SIMATIC RF182C, SIMATIC CP 343-1 Advanced, SIMATIC CP 443-1 OPC-UA, SIMATIC HMI KTP Mobile Panels, SIMATIC IPC DiagMonitor, SIMATIC S7-400 PN/DP, TIM 1531 IRC, SIMATIC RF188C, SIMATIC RF600R, SIMATIC WinCC Runtime Advanced, CP1604, CP1616, SIMATIC RF185C, SIMATIC CP 443-1, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC HMI Comfort Outdoor Panels 7\" and 15\", SIMATIC HMI Comfort 4 -22\" Panels, SIMATIC RF181-EIP, SIMATIC RF186C, SIMATIC S7-300 CPU family, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX 2010, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130, SINAMICS G150, SINAMICS S120, SINAMICS S150, SINAMICS S210, SITOP Manager, SITOP PSU8600, SITOP UPS1600, SIMATIC CP 443-1 Advanced, SIMATIC S7-400 PN \u0432\u043a\u043b\u044e\u0447\u0430\u044f F, SIMATIC S7-1500 CPU family, SIMATIC S7-PLCSIM Advanced, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC S7-1500 Software Controller, SINAMICS SM120, SINAMICS SL150, SINAMICS GH150, SINAMICS GL150, SINAMICS GM150, SINAMICS SM150",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Siemens, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Siemens \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-6568\n\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2019-6568 (GCVE-0-2019-6568)

Vulnerability from cvelistv5 – Published: 2019-04-17 13:40 – Updated: 2024-08-04 20:23

Summary

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE

CWE-125 - Out-of-bounds Read

Assigner

siemens

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/s…
	https://cert-portal.siemens.com/productcert/pdf/s…

Impacted products

Vendor

Product

Version

Siemens

SIMATIC CP 1604

Affected: All versions

Siemens	SIMATIC CP 1616	Affected: All versions
Siemens	SIMATIC CP 343-1 Advanced	Affected: All versions
Siemens	SIMATIC CP 443-1	Affected: All versions < V3.3
Siemens	SIMATIC CP 443-1	Affected: All versions < V3.3
Siemens	SIMATIC CP 443-1 Advanced	Affected: All versions < V3.3
Siemens	SIMATIC CP 443-1 OPC UA	Affected: All versions
Siemens	SIMATIC ET 200pro IM154-8 PN/DP CPU	Affected: All versions < V3.2.16
Siemens	SIMATIC ET 200pro IM154-8F PN/DP CPU	Affected: All versions < V3.2.16
Siemens	SIMATIC ET 200pro IM154-8FX PN/DP CPU	Affected: All versions < V3.2.16
Siemens	SIMATIC ET 200S IM151-8 PN/DP CPU	Affected: All versions < V3.2.16
Siemens	SIMATIC ET 200S IM151-8F PN/DP CPU	Affected: All versions < V3.2.16
Siemens	SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)	Affected: All versions < V2.1.6
Siemens	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	Affected: All versions < V2.7
Siemens	SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)	Affected: All versions < V15.1 Upd4
Siemens	SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)	Affected: All versions < V15.1 Upd4
Siemens	SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F	Affected: All versions < V15.1 Upd4
Siemens	SIMATIC IPC DiagMonitor	Affected: All versions < V5.1.3
Siemens	SIMATIC RF182C	Affected: All versions
Siemens	SIMATIC RF185C	Affected: All versions < V1.1.0
Siemens	SIMATIC RF186C	Affected: All versions < V1.1.0
Siemens	SIMATIC RF188C	Affected: All versions < V1.1.0
Siemens	SIMATIC RF600R family	Affected: All versions < V3.2.1
Siemens	SIMATIC RFID 181EIP	Affected: All versions
Siemens	SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	Affected: All versions < V2.6.1
Siemens	SIMATIC S7-1500 Software Controller	Affected: All versions < V2.7
Siemens	SIMATIC S7-300 CPU 314C-2 PN/DP	Affected: All versions < V3.3.16
Siemens	SIMATIC S7-300 CPU 315-2 PN/DP	Affected: All versions < V3.2.16
Siemens	SIMATIC S7-300 CPU 315F-2 PN/DP	Affected: All versions < V3.2.16
Siemens	SIMATIC S7-300 CPU 315T-3 PN/DP	Affected: All versions < V3.2.16
Siemens	SIMATIC S7-300 CPU 317-2 PN/DP	Affected: All versions < V3.2.16
Siemens	SIMATIC S7-300 CPU 317F-2 PN/DP	Affected: All versions < V3.2.16
Siemens	SIMATIC S7-300 CPU 317T-3 PN/DP	Affected: All versions < V3.2.16
Siemens	SIMATIC S7-300 CPU 317TF-3 PN/DP	Affected: All versions < V3.2.16
Siemens	SIMATIC S7-300 CPU 319-3 PN/DP	Affected: All versions < V3.2.16
Siemens	SIMATIC S7-300 CPU 319F-3 PN/DP	Affected: All versions < V3.2.16
Siemens	SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)	Affected: All versions
Siemens	SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	Affected: All versions
Siemens	SIMATIC S7-PLCSIM Advanced	Affected: All versions < V2.0 SP1 UPD1
Siemens	SIMATIC Teleservice Adapter IE Advanced	Affected: All versions
Siemens	SIMATIC Teleservice Adapter IE Basic	Affected: All versions
Siemens	SIMATIC Teleservice Adapter IE Standard	Affected: All versions
Siemens	SIMATIC WinAC RTX 2010	Affected: All versions < V2010 SP3
Siemens	SIMATIC WinAC RTX F 2010	Affected: All versions < V2010 SP3
Siemens	SIMATIC WinCC Runtime Advanced	Affected: All versions < V15.1 Upd4
Siemens	SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)	Affected: All versions < V1.1.3
Siemens	SIMOCODE pro V PROFINET (incl. SIPLUS variants)	Affected: All versions < V2.1.3
Siemens	SINAMICS G130 V4.6 Control Unit	Affected: All versions
Siemens	SINAMICS G130 V4.7 Control Unit	Affected: All versions
Siemens	SINAMICS G130 V4.7 SP1 Control Unit	Affected: All versions
Siemens	SINAMICS G130 V4.8 Control Unit	Affected: All versions < V4.8 HF6
Siemens	SINAMICS G130 V5.1 Control Unit	Affected: All versions
Siemens	SINAMICS G130 V5.1 SP1 Control Unit	Affected: All versions < V5.1 SP1 HF4
Siemens	SINAMICS G150 V4.6 Control Unit	Affected: All versions
Siemens	SINAMICS G150 V4.7 Control Unit	Affected: All versions
Siemens	SINAMICS G150 V4.7 SP1 Control Unit	Affected: All versions
Siemens	SINAMICS G150 V4.8 Control Unit	Affected: All versions < V4.8 HF6
Siemens	SINAMICS G150 V5.1 Control Unit	Affected: All versions
Siemens	SINAMICS G150 V5.1 SP1 Control Unit	Affected: All versions < V5.1 SP1 HF4
Siemens	SINAMICS GH150 V4.7 (Control Unit)	Affected: All versions
Siemens	SINAMICS GH150 V4.8 (Control Unit)	Affected: All versions < V4.8 SP2 HF9
Siemens	SINAMICS GL150 V4.7 (Control Unit)	Affected: All versions
Siemens	SINAMICS GL150 V4.8 (Control Unit)	Affected: All versions < V4.8 SP2 HF9
Siemens	SINAMICS GM150 V4.7 (Control Unit)	Affected: All versions
Siemens	SINAMICS GM150 V4.8 (Control Unit)	Affected: All versions < V4.8 SP2 HF9
Siemens	SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)	Affected: All versions
Siemens	SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)	Affected: All versions
Siemens	SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)	Affected: All versions
Siemens	SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)	Affected: All versions < V4.8 HF6
Siemens	SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)	Affected: All versions
Siemens	SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)	Affected: All versions < V5.1 SP1 HF4
Siemens	SINAMICS S150 V4.6 Control Unit	Affected: All versions
Siemens	SINAMICS S150 V4.7 Control Unit	Affected: All versions
Siemens	SINAMICS S150 V4.7 SP1 Control Unit	Affected: All versions
Siemens	SINAMICS S150 V4.8 Control Unit	Affected: All versions < V4.8 HF6
Siemens	SINAMICS S150 V5.1 Control Unit	Affected: All versions
Siemens	SINAMICS S150 V5.1 SP1 Control Unit	Affected: All versions < V5.1 SP1 HF4
Siemens	SINAMICS S210	Affected: All versions < V5.1 SP1 HF8
Siemens	SINAMICS SL150 V4.7 (Control Unit)	Affected: All versions < V4.7 HF33
Siemens	SINAMICS SL150 V4.8 (Control Unit)	Affected: All versions
Siemens	SINAMICS SM120 V4.7 (Control Unit)	Affected: All versions
Siemens	SINAMICS SM120 V4.8 (Control Unit)	Affected: All versions < V4.8 SP2 HF10
Siemens	SINAMICS SM150 V4.8 (Control Unit)	Affected: All versions
Siemens	SIPLUS ET 200S IM151-8 PN/DP CPU	Affected: All versions < V3.2.16
Siemens	SIPLUS ET 200S IM151-8F PN/DP CPU	Affected: All versions < V3.2.16
Siemens	SIPLUS NET CP 343-1 Advanced	Affected: All versions
Siemens	SIPLUS NET CP 443-1	Affected: All versions < V3.3
Siemens	SIPLUS NET CP 443-1 Advanced	Affected: All versions < V3.3
Siemens	SIPLUS S7-300 CPU 314C-2 PN/DP	Affected: All versions < V3.3.16
Siemens	SIPLUS S7-300 CPU 315-2 PN/DP	Affected: All versions < V3.2.16
Siemens	SIPLUS S7-300 CPU 315F-2 PN/DP	Affected: All versions < V3.2.16
Siemens	SIPLUS S7-300 CPU 317-2 PN/DP	Affected: All versions < V3.2.16
Siemens	SIPLUS S7-300 CPU 317F-2 PN/DP	Affected: All versions < V3.2.16
Siemens	SITOP Manager	Affected: All versions < V1.1
Siemens	SITOP PSU8600	Affected: All versions < V1.5
Siemens	SITOP UPS1600 (incl. SIPLUS variants)	Affected: All versions < V2.3
Siemens	TIM 1531 IRC (incl. SIPLUS NET variants)	Affected: All versions < V2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:22.207Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1604",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1616",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 343-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 OPC UA",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM154-8FX PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.1.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Upd4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Upd4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Upd4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC DiagMonitor",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF182C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF185C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF186C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF188C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF600R family",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RFID 181EIP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.6.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-PLCSIM Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0 SP1 UPD1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Teleservice Adapter IE Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Teleservice Adapter IE Basic",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Teleservice Adapter IE Standard",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX F 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Runtime Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Upd4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.1.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE pro V PROFINET (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.1.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V4.6 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V4.7 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V4.8 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 HF6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V5.1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130 V5.1 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1 SP1 HF4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V4.6 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V4.7 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V4.8 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 HF6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V5.1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150 V5.1 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1 SP1 HF4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GH150 V4.7 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GH150 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP2 HF9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GL150 V4.7 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GL150 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP2 HF9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GM150 V4.7 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GM150 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP2 HF9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 HF6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1 SP1 HF4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V4.6 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V4.7 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V4.8 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 HF6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V5.1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150 V5.1 SP1 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1 SP1 HF4"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S210",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.1 SP1 HF8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SL150 V4.7 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 HF33"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SL150 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SM120 V4.7 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SM120 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP2 HF10"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SM150 V4.8 (Control Unit)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 343-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.16"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SITOP Manager",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SITOP PSU8600",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SITOP UPS1600 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIM 1531 IRC (incl. SIPLUS NET variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device.\r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T11:51:03.049Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-6568",
    "datePublished": "2019-04-17T13:40:24.000Z",
    "dateReserved": "2019-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:23:22.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-01782

CVE-2019-6568 (GCVE-0-2019-6568)

Tags

Sightings

Nomenclature