CNVD-2019-12905

Vulnerability from cnvd - Published: 2019-05-05
VLAI Severity ?
Title
Siemens Industrial Products with OPC UA拒绝服务漏洞
Description
Siemens是一家全球领先的科技企业,凭借电气化、自动化和数字化领域的创新,在发电和输配电、基础设施、工业自动化、驱动和软件等领域为客户提供解决方案的一家公司。 Siemens存在拒绝服务漏洞。攻击者可以利用该漏洞来破坏受影响的设备,拒绝为合法用户提供服务。
Severity
Patch Name
Siemens Industrial Products with OPC UA拒绝服务漏洞的补丁
Patch Description
Siemens是一家全球领先的科技企业,凭借电气化、自动化和数字化领域的创新,在发电和输配电、基础设施、工业自动化、驱动和软件等领域为客户提供解决方案的一家公司。 Siemens存在拒绝服务漏洞。攻击者可以利用该漏洞来破坏受影响的设备,拒绝为合法用户提供服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://www.winccoa.com/news/detail/new-patch-p018-available-for-315.html https://support.industry.siemens.com/cs/ww/en/view/109746207

Reference
https://ics-cert.us-cert.gov/advisories/ICSA-19-099-03
Impacted products
Name
['Siemens SIMATIC S7-1500 CPU family <=v2.5', 'Siemens SIMATIC S7-1500 Software Controller <=v2.5', 'Siemens SIMATIC WinCC OA <v3.15-P018', 'Siemens SIMATIC WinCC Runtime Advanced', 'Siemens SINEMA Server', 'Siemens SINUMERIK OPC UA Server <v2.1', 'Siemens TeleControl Server Basics', 'Siemens SIMATIC NET PC Software', 'Siemens SIMATIC RF188C', 'Siemens SIMATIC RF600R', 'Siemens SIMATIC WinCC Runtime Comfort', 'Siemens SIMATIC WinCC Runtime Mobile', 'Siemens SINEC-NMS', 'Siemens SIMATIC CP443-1 OPC UA', 'Siemens SIMATIC ET200 Open Controller CPU 1515SP PC2', 'Siemens SIMATIC IPC DiagMonitor', 'Siemens SIMATIC WinCC Runtime HSP Comfort']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6575"
    }
  },
  "description": "Siemens\u662f\u4e00\u5bb6\u5168\u7403\u9886\u5148\u7684\u79d1\u6280\u4f01\u4e1a,\u51ed\u501f\u7535\u6c14\u5316\u3001\u81ea\u52a8\u5316\u548c\u6570\u5b57\u5316\u9886\u57df\u7684\u521b\u65b0,\u5728\u53d1\u7535\u548c\u8f93\u914d\u7535\u3001\u57fa\u7840\u8bbe\u65bd\u3001\u5de5\u4e1a\u81ea\u52a8\u5316\u3001\u9a71\u52a8\u548c\u8f6f\u4ef6\u7b49\u9886\u57df\u4e3a\u5ba2\u6237\u63d0\u4f9b\u89e3\u51b3\u65b9\u6848\u7684\u4e00\u5bb6\u516c\u53f8\u3002\n\nSiemens\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u6765\u7834\u574f\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\uff0c\u62d2\u7edd\u4e3a\u5408\u6cd5\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.winccoa.com/news/detail/new-patch-p018-available-for-315.html\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109746207",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-12905",
  "openTime": "2019-05-05",
  "patchDescription": "Siemens\u662f\u4e00\u5bb6\u5168\u7403\u9886\u5148\u7684\u79d1\u6280\u4f01\u4e1a,\u51ed\u501f\u7535\u6c14\u5316\u3001\u81ea\u52a8\u5316\u548c\u6570\u5b57\u5316\u9886\u57df\u7684\u521b\u65b0,\u5728\u53d1\u7535\u548c\u8f93\u914d\u7535\u3001\u57fa\u7840\u8bbe\u65bd\u3001\u5de5\u4e1a\u81ea\u52a8\u5316\u3001\u9a71\u52a8\u548c\u8f6f\u4ef6\u7b49\u9886\u57df\u4e3a\u5ba2\u6237\u63d0\u4f9b\u89e3\u51b3\u65b9\u6848\u7684\u4e00\u5bb6\u516c\u53f8\u3002\r\n\r\nSiemens\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u6765\u7834\u574f\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\uff0c\u62d2\u7edd\u4e3a\u5408\u6cd5\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens Industrial Products with OPC UA\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SIMATIC S7-1500 CPU family \u003c=v2.5",
      "Siemens SIMATIC S7-1500 Software Controller \u003c=v2.5",
      "Siemens SIMATIC WinCC OA \u003cv3.15-P018",
      "Siemens SIMATIC WinCC Runtime Advanced",
      "Siemens SINEMA Server",
      "Siemens SINUMERIK OPC UA Server \u003cv2.1",
      "Siemens TeleControl Server Basics",
      "Siemens SIMATIC NET PC Software",
      "Siemens SIMATIC RF188C",
      "Siemens SIMATIC RF600R",
      "Siemens SIMATIC WinCC Runtime Comfort",
      "Siemens SIMATIC WinCC Runtime Mobile",
      "Siemens SINEC-NMS",
      "Siemens SIMATIC CP443-1 OPC UA",
      "Siemens SIMATIC ET200 Open Controller CPU 1515SP PC2",
      "Siemens SIMATIC IPC DiagMonitor",
      "Siemens SIMATIC WinCC Runtime HSP Comfort"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-19-099-03",
  "serverity": "\u9ad8",
  "submitTime": "2019-04-10",
  "title": "Siemens Industrial Products with OPC UA\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.