Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-10943 (GCVE-0-2019-10943)
Vulnerability from cvelistv5 – Published: 2019-08-13 18:55 – Updated: 2024-08-04 22:40
VLAI
EPSS
Summary
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device.
Severity
No CVSS data available.
CWE
- CWE-353 - Missing Support for Integrity Check
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
12 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC Drive Controller family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V20.8"
}
]
},
{
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V20.8"
}
]
},
{
"product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.4.0"
}
]
},
{
"product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V4.4.0"
}
]
},
{
"product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.8.1"
}
]
},
{
"product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.8.1"
}
]
},
{
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V20.8"
}
]
},
{
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V20.8"
}
]
},
{
"product": "SIMATIC S7-PLCSIM Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"product": "SIMATIC S7-PLCSIM Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003e= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003e= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.8.1), SIMATIC S7-1500 Software Controller (All versions \u003c V20.8), SIMATIC S7-1500 Software Controller (All versions \u003e= V20.8), SIMATIC S7-PLCSIM Advanced (All versions \u003c V3.0), SIMATIC S7-PLCSIM Advanced (All versions \u003e= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-353",
"description": "CWE-353: Missing Support for Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T11:16:23.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC Drive Controller family",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V20.8"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V20.8"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.4.0"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V4.4.0"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.8.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.8.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V20.8"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V20.8"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM Advanced",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.0"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM Advanced",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V3.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003e= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003e= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.8.1), SIMATIC S7-1500 Software Controller (All versions \u003c V20.8), SIMATIC S7-1500 Software Controller (All versions \u003e= V20.8), SIMATIC S7-PLCSIM Advanced (All versions \u003c V3.0), SIMATIC S7-PLCSIM Advanced (All versions \u003e= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-353: Missing Support for Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10943",
"datePublished": "2019-08-13T18:55:57.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-10943",
"date": "2026-05-29",
"epss": "0.00113",
"percentile": "0.29613"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-10943\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2019-08-13T19:15:15.530\",\"lastModified\":\"2024-11-21T04:20:12.313\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003e= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003e= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.8.1), SIMATIC S7-1500 Software Controller (All versions \u003c V20.8), SIMATIC S7-1500 Software Controller (All versions \u003e= V20.8), SIMATIC S7-PLCSIM Advanced (All versions \u003c V3.0), SIMATIC S7-PLCSIM Advanced (All versions \u003e= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device.\"},{\"lang\":\"es\",\"value\":\"SIPLUS) (Todas las versiones anteriores a V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variantes SIPLUS) (Todas las versiones posteriores o iguales V20.8), familia de CPUs SIMATIC S7-1200 (incl. variantes SIPLUS) (Todas las versiones anteriores a V4.4.0), familia de CPUs SIMATIC S7-1200 (incl. variantes SIPLUS) (Todas las versiones variantes SIPLUS) (Todas las versiones posteriores o iguales V4.4.0), familia de CPUs SIMATIC S7-1500 (incl. CPUs ET200 relacionadas y variantes SIPLUS) (Todas las versiones anteriores a V2.8.1), familia de CPUs SIMATIC S7-1500 (incl. CPUs ET200 relacionadas y variantes SIPLUS) (Todas las versiones posteriores o iguales V2. 8.1), SIMATIC S7-1500 Software Controller (Todas las versiones anteriores a V20.8), SIMATIC S7-1500 Software Controller (Todas las versiones posteriores o iguales V20.8), SIMATIC S7-PLCSIM Advanced (Todas las versiones anteriores a V3.0), SIMATIC S7-PLCSIM Advanced (Todas las versiones posteriores o iguales V3.0). Un atacante con acceso de red al puerto 102/tcp podr\u00eda modificar potencialmente el programa de usuario en el PLC de manera que el c\u00f3digo en ejecuci\u00f3n sea diferente del c\u00f3digo fuente que est\u00e1 almacenado en el dispositivo. Un atacante debe tener acceso de red a los dispositivos afectados y debe ser capaz de realizar cambios en el programa de usuario. La vulnerabilidad podr\u00eda afectar a la integridad percibida del programa de usuario almacenado en la CPU. Un ingeniero que intente obtener el c\u00f3digo del programa de usuario que se ejecuta en el dispositivo, puede recibir un c\u00f3digo fuente diferente que no se est\u00e1 ejecutando realmente en el dispositivo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-353\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFA8109D-F938-4FE3-9885-831D2D0FE058\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8AED132-C4CF-4C2E-B826-DFAE745256FD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.8\",\"matchCriteriaId\":\"7B4A8C4A-8AED-42A4-BF49-C1F9E9A48EBD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30E3491F-8F4A-4C7D-960D-073AA41DB4D6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4\",\"matchCriteriaId\":\"C0812843-6B21-4622-8C97-D87162987434\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3871C0C9-C65E-4E0B-9CA8-75E60066297F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4\",\"matchCriteriaId\":\"CEBF07D2-1CFB-4769-8F4D-59737D782B9B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07849777-92E7-41D2-9128-F8D20DE15391\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4\",\"matchCriteriaId\":\"99C1E616-6A34-4C85-927B-29C53A0BA873\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE17584A-BF7A-48B8-A9CB-477663766C63\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4\",\"matchCriteriaId\":\"BB22A001-A28B-48D2-93BE-95C3EBD39A8D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC4698CF-F935-4707-BA91-7E3650C7956C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4\",\"matchCriteriaId\":\"7CFDEA0C-BE3D-425B-B5FD-299C93C70CD8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232279DE-CF1C-4A3C-886D-B4CE3F104F09\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.8.1\",\"matchCriteriaId\":\"85BF9FC3-FF9D-4E14-8D3F-A7AA9CC84A48\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE0BA68C-EB57-49CE-94A8-E7905AB79824\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.8.1\",\"matchCriteriaId\":\"E18897A5-B757-412B-A28A-E8BD9CA73520\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"822894D4-96D5-4BDC-A698-D31262BCF422\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.8.1\",\"matchCriteriaId\":\"87628F0C-73A3-4169-A58E-18538AD88C8C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2E24A4C-AC13-4382-BDF6-E13878FED4DC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.8\",\"matchCriteriaId\":\"D31E1129-2A71-4130-A32B-0E5A437D4C07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_s7_plcsim_advanced:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"FCB3DDD9-64F2-4A38-A9E8-2D8AA09F403D\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-385
Vulnerability from certfr_avis - Published: 2019-08-13 - Updated: 2019-08-13
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SCALANCE X-200 | ||
| Siemens | N/A | SINAMICS GL150 versions V4.7 et V4.8 antérieures à V4.8 SP2 HF9 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller | ||
| Siemens | N/A | SIMATIC S7-1500 CPU family | ||
| Siemens | N/A | SINAMICS GM150 versions V4.7 et V4.8 antérieures à V4.8 SP2 HF9 | ||
| Siemens | N/A | SINAMICS SL150 V4.8 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU1515SP PC | ||
| Siemens | N/A | SCALANCE X-200IRT | ||
| Siemens | N/A | SINAMICS GH150 versions V4.7 et V4.8 antérieures à V4.8 SP2 HF9 | ||
| Siemens | N/A | SINAMICS SM150 V4.8 | ||
| Siemens | N/A | SINAMICS SL150 V4.7 | ||
| Siemens | N/A | SCALANCE SC-600 versions antérieures à V2.0.1 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced | ||
| Siemens | N/A | SINAMICS SM120 V4.8 | ||
| Siemens | N/A | SCALANCE XB-200, XC-200, XF-200BA, XP-200 et XR-300WG version V4.1 | ||
| Siemens | N/A | SCALANCE X-200RNA | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU1515SP PC2 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU family versions supérieures à V4.0 | ||
| Siemens | N/A | SINAMICS SM120 V4.7 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCALANCE X-200",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS GL150 versions V4.7 et V4.8 ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU family",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS GM150 versions V4.7 et V4.8 ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS SL150 V4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU1515SP PC",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS GH150 versions V4.7 et V4.8 ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS SM150 V4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS SL150 V4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC-600 versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS SM120 V4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB-200, XC-200, XF-200BA, XP-200 et XR-300WG version V4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200RNA",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU1515SP PC2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU family versions sup\u00e9rieures \u00e0 V4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS SM120 V4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-10927",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10927"
},
{
"name": "CVE-2019-6568",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6568"
},
{
"name": "CVE-2019-10943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10943"
},
{
"name": "CVE-2019-10929",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10929"
},
{
"name": "CVE-2019-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10942"
},
{
"name": "CVE-2019-10928",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10928"
}
],
"initial_release_date": "2019-08-13T00:00:00",
"last_revision_date": "2019-08-13T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-385",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-08-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-671286 du 13 ao\u00fbt 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-100232 du 13 ao\u00fbt 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-232418 du 13 ao\u00fbt 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-530931 du 13 ao\u00fbt 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
}
]
}
Title
SIMATICS7-1200 and SIMATICS7-1500CPU families权限访问漏洞
Description
Simatic S7-1200 CPU和Simatic S7-1500 CPU系列的产品是工业环境(如制造业、食品和饮料业以及化工行业)中进行离散和连续控制。
SIMATICS7-1200 and SIMATICS7-1500CPU families存在中间人攻击漏洞。攻击者可利用漏洞对受影响设备的网络访问权限,并且必须能够对用户程序进行更改。
Severity
中
Patch Name
SIMATICS7-1200 and SIMATICS7-1500CPU families权限访问漏洞的补丁
Patch Description
Simatic S7-1200 CPU和Simatic S7-1500 CPU系列的产品是工业环境(如制造业、食品和饮料业以及化工行业)中进行离散和连续控制。
SIMATICS7-1200 and SIMATICS7-1500CPU families存在中间人攻击漏洞。攻击者可利用漏洞对受影响设备的网络访问权限,并且必须能够对用户程序进行更改。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf
Impacted products
| Name | ['Siemens SIMATIC S7-1500 Software Controller', 'Siemens SIMATIC S7-1500 CPU family', 'Siemens SIMATIC S7-PLCSIM Advanced', 'SIEMENS SIMATIC S7-1200 CPU family >=V4.0', 'SIEMENS SIMATIC ET 200SP Open Controller CPU1515SP PC', 'SIEMENS SIMATIC ET 200SP Open Controller CPU1515SP PC2'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-10943"
}
},
"description": "Simatic S7-1200 CPU\u548cSimatic S7-1500 CPU\u7cfb\u5217\u7684\u4ea7\u54c1\u662f\u5de5\u4e1a\u73af\u5883\uff08\u5982\u5236\u9020\u4e1a\u3001\u98df\u54c1\u548c\u996e\u6599\u4e1a\u4ee5\u53ca\u5316\u5de5\u884c\u4e1a\uff09\u4e2d\u8fdb\u884c\u79bb\u6563\u548c\u8fde\u7eed\u63a7\u5236\u3002\n\nSIMATICS7-1200 and SIMATICS7-1500CPU families\u5b58\u5728\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bf9\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u7f51\u7edc\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u4e14\u5fc5\u987b\u80fd\u591f\u5bf9\u7528\u6237\u7a0b\u5e8f\u8fdb\u884c\u66f4\u6539\u3002",
"discovererName": "Eli Biham, Sara Bitan, Aviad Carmel, and Alon Dankner from Faculty of Computer Science, TechnionHaifa",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-27700",
"openTime": "2019-08-15",
"patchDescription": "Simatic S7-1200 CPU\u548cSimatic S7-1500 CPU\u7cfb\u5217\u7684\u4ea7\u54c1\u662f\u5de5\u4e1a\u73af\u5883\uff08\u5982\u5236\u9020\u4e1a\u3001\u98df\u54c1\u548c\u996e\u6599\u4e1a\u4ee5\u53ca\u5316\u5de5\u884c\u4e1a\uff09\u4e2d\u8fdb\u884c\u79bb\u6563\u548c\u8fde\u7eed\u63a7\u5236\u3002\r\n\r\nSIMATICS7-1200 and SIMATICS7-1500CPU families\u5b58\u5728\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bf9\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u7f51\u7edc\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u4e14\u5fc5\u987b\u80fd\u591f\u5bf9\u7528\u6237\u7a0b\u5e8f\u8fdb\u884c\u66f4\u6539\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "SIMATICS7-1200 and SIMATICS7-1500CPU families\u6743\u9650\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SIMATIC S7-1500 Software Controller",
"Siemens SIMATIC S7-1500 CPU family",
"Siemens SIMATIC S7-PLCSIM Advanced",
"SIEMENS SIMATIC S7-1200 CPU family \u003e=V4.0",
"SIEMENS SIMATIC ET 200SP Open Controller CPU1515SP PC",
"SIEMENS SIMATIC ET 200SP Open Controller CPU1515SP PC2"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf",
"serverity": "\u4e2d",
"submitTime": "2019-08-14",
"title": "SIMATICS7-1200 and SIMATICS7-1500CPU families\u6743\u9650\u8bbf\u95ee\u6f0f\u6d1e"
}
FKIE_CVE-2019-10943
Vulnerability from fkie_nvd - Published: 2019-08-13 19:15 - Updated: 2024-11-21 04:20
Severity
Summary
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFA8109D-F938-4FE3-9885-831D2D0FE058",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AED132-C4CF-4C2E-B826-DFAE745256FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4A8C4A-8AED-42A4-BF49-C1F9E9A48EBD",
"versionEndExcluding": "20.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30E3491F-8F4A-4C7D-960D-073AA41DB4D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0812843-6B21-4622-8C97-D87162987434",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3871C0C9-C65E-4E0B-9CA8-75E60066297F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBF07D2-1CFB-4769-8F4D-59737D782B9B",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07849777-92E7-41D2-9128-F8D20DE15391",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99C1E616-6A34-4C85-927B-29C53A0BA873",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE17584A-BF7A-48B8-A9CB-477663766C63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB22A001-A28B-48D2-93BE-95C3EBD39A8D",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4698CF-F935-4707-BA91-7E3650C7956C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CFDEA0C-BE3D-425B-B5FD-299C93C70CD8",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "232279DE-CF1C-4A3C-886D-B4CE3F104F09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85BF9FC3-FF9D-4E14-8D3F-A7AA9CC84A48",
"versionEndExcluding": "2.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE0BA68C-EB57-49CE-94A8-E7905AB79824",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E18897A5-B757-412B-A28A-E8BD9CA73520",
"versionEndExcluding": "2.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "822894D4-96D5-4BDC-A698-D31262BCF422",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87628F0C-73A3-4169-A58E-18538AD88C8C",
"versionEndExcluding": "2.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E24A4C-AC13-4382-BDF6-E13878FED4DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D31E1129-2A71-4130-A32B-0E5A437D4C07",
"versionEndExcluding": "20.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_s7_plcsim_advanced:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3DDD9-64F2-4A38-A9E8-2D8AA09F403D",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003e= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003e= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.8.1), SIMATIC S7-1500 Software Controller (All versions \u003c V20.8), SIMATIC S7-1500 Software Controller (All versions \u003e= V20.8), SIMATIC S7-PLCSIM Advanced (All versions \u003c V3.0), SIMATIC S7-PLCSIM Advanced (All versions \u003e= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device."
},
{
"lang": "es",
"value": "SIPLUS) (Todas las versiones anteriores a V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variantes SIPLUS) (Todas las versiones posteriores o iguales V20.8), familia de CPUs SIMATIC S7-1200 (incl. variantes SIPLUS) (Todas las versiones anteriores a V4.4.0), familia de CPUs SIMATIC S7-1200 (incl. variantes SIPLUS) (Todas las versiones variantes SIPLUS) (Todas las versiones posteriores o iguales V4.4.0), familia de CPUs SIMATIC S7-1500 (incl. CPUs ET200 relacionadas y variantes SIPLUS) (Todas las versiones anteriores a V2.8.1), familia de CPUs SIMATIC S7-1500 (incl. CPUs ET200 relacionadas y variantes SIPLUS) (Todas las versiones posteriores o iguales V2. 8.1), SIMATIC S7-1500 Software Controller (Todas las versiones anteriores a V20.8), SIMATIC S7-1500 Software Controller (Todas las versiones posteriores o iguales V20.8), SIMATIC S7-PLCSIM Advanced (Todas las versiones anteriores a V3.0), SIMATIC S7-PLCSIM Advanced (Todas las versiones posteriores o iguales V3.0). Un atacante con acceso de red al puerto 102/tcp podr\u00eda modificar potencialmente el programa de usuario en el PLC de manera que el c\u00f3digo en ejecuci\u00f3n sea diferente del c\u00f3digo fuente que est\u00e1 almacenado en el dispositivo. Un atacante debe tener acceso de red a los dispositivos afectados y debe ser capaz de realizar cambios en el programa de usuario. La vulnerabilidad podr\u00eda afectar a la integridad percibida del programa de usuario almacenado en la CPU. Un ingeniero que intente obtener el c\u00f3digo del programa de usuario que se ejecuta en el dispositivo, puede recibir un c\u00f3digo fuente diferente que no se est\u00e1 ejecutando realmente en el dispositivo"
}
],
"id": "CVE-2019-10943",
"lastModified": "2024-11-21T04:20:12.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-13T19:15:15.530",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-353"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-C58V-2PGR-H7Q6
Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2022-08-11 00:00
VLAI
Details
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2019-10943"
],
"database_specific": {
"cwe_ids": [
"CWE-353"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-13T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions \u003e= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication.",
"id": "GHSA-c58v-2pgr-h7q6",
"modified": "2022-08-11T00:00:20Z",
"published": "2022-05-24T16:53:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10943"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2019-10943
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-10943",
"description": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7 PLCSIM Advanced (All versions \u003c= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions \u003c= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions \u003c= V2.8.1), SIMATIC S7-1500 Software Controller (All versions \u003c= V20.8). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication.",
"id": "GSD-2019-10943"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-10943"
],
"details": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003e= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003e= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.8.1), SIMATIC S7-1500 Software Controller (All versions \u003c V20.8), SIMATIC S7-1500 Software Controller (All versions \u003e= V20.8), SIMATIC S7-PLCSIM Advanced (All versions \u003c V3.0), SIMATIC S7-PLCSIM Advanced (All versions \u003e= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device.",
"id": "GSD-2019-10943",
"modified": "2023-12-13T01:23:58.956885Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC Drive Controller family",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V20.8"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V20.8"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.4.0"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V4.4.0"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.8.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.8.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V20.8"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V20.8"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM Advanced",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.0"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM Advanced",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V3.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003e= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003e= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.8.1), SIMATIC S7-1500 Software Controller (All versions \u003c V20.8), SIMATIC S7-1500 Software Controller (All versions \u003e= V20.8), SIMATIC S7-PLCSIM Advanced (All versions \u003c V3.0), SIMATIC S7-PLCSIM Advanced (All versions \u003e= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-353: Missing Support for Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_s7_plcsim_advanced:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10943"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003e= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003e= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.8.1), SIMATIC S7-1500 Software Controller (All versions \u003c V20.8), SIMATIC S7-1500 Software Controller (All versions \u003e= V20.8), SIMATIC S7-PLCSIM Advanced (All versions \u003c V3.0), SIMATIC S7-PLCSIM Advanced (All versions \u003e= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-353"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-08-10T20:15Z",
"publishedDate": "2019-08-13T19:15Z"
}
}
}
ICSA-19-344-06
Vulnerability from csaf_cisa - Published: 2019-12-10 00:00 - Updated: 2020-03-10 00:00Summary
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update B)
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities may allow an attacker to modify network traffic or impact the perceived integrity of the user program stored on the CPU.
Critical infrastructure sectors: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
CWE-327
- Use of a Broken or Risky Cryptographic Algorithm
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC Drive Controller family: All versions (only affected by CVE-2019-10943)
Siemens / SIMATIC Drive Controller family
|
* (only affected by CVE-2019-10943) |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): All versions prior to V2.8.1
Siemens / SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
|
< 2.8.1 |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-PLCSIM Advanced: All versions prior to V3.0
Siemens / SIMATIC S7-PLCSIM Advanced
|
< 3.0 |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1500 Software Controller: All versions prior to V20.8
Siemens / SIMATIC S7-1500 Software Controller
|
< 20.8 |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1200 CPU family (incl. SIPLUS variants): All versions prior to V4.4.0
Siemens / SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
|
< 4.4.0 |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC: All versions
Siemens / SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC
|
vers:all/* |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): Versions 2.8.1 and later (only affected by CVE-2019-10943)
Siemens / SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
|
>= 2.8.1 (only affected by CVE-2019-10943) |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): Versions 20.8 and later (only affected by CVE-2019-10943)
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
|
>= 20.8 (only affected by CVE-2019-10943) |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants): All versions
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
|
vers:all/* |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-PLCSIM Advanced: Versions 3.0 and later (only affected by CVE-2019-10943)
Siemens / SIMATIC S7-PLCSIM Advanced
|
>= 3.0 (only affected by CVE-2019-10943) |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1200 CPU family (incl. SIPLUS variants): Versions 4.4.0 and later (only affected by CVE-2019-10943)
Siemens / SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
|
>= 4.4.0 (only affected by CVE-2019-10943) |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): All versions prior to V20.8
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
|
< 20.8 |
Vendor Fix
fix
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1500 Software Controller: Versions 20.8 and later (only affected by CVE-2019-10943)
Siemens / SIMATIC S7-1500 Software Controller
|
>= 20.8 (only affected by CVE-2019-10943) |
Vendor Fix
fix
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
5.3 (Medium)
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC Drive Controller family: All versions (only affected by CVE-2019-10943)
Siemens / SIMATIC Drive Controller family
|
* (only affected by CVE-2019-10943) |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): All versions prior to V2.8.1
Siemens / SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
|
< 2.8.1 |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-PLCSIM Advanced: All versions prior to V3.0
Siemens / SIMATIC S7-PLCSIM Advanced
|
< 3.0 |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1500 Software Controller: All versions prior to V20.8
Siemens / SIMATIC S7-1500 Software Controller
|
< 20.8 |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1200 CPU family (incl. SIPLUS variants): All versions prior to V4.4.0
Siemens / SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
|
< 4.4.0 |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC: All versions
Siemens / SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC
|
vers:all/* |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): Versions 2.8.1 and later (only affected by CVE-2019-10943)
Siemens / SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
|
>= 2.8.1 (only affected by CVE-2019-10943) |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): Versions 20.8 and later (only affected by CVE-2019-10943)
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
|
>= 20.8 (only affected by CVE-2019-10943) |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants): All versions
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
|
vers:all/* |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-PLCSIM Advanced: Versions 3.0 and later (only affected by CVE-2019-10943)
Siemens / SIMATIC S7-PLCSIM Advanced
|
>= 3.0 (only affected by CVE-2019-10943) |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1200 CPU family (incl. SIPLUS variants): Versions 4.4.0 and later (only affected by CVE-2019-10943)
Siemens / SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
|
>= 4.4.0 (only affected by CVE-2019-10943) |
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): All versions prior to V20.8
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
|
< 20.8 |
Vendor Fix
fix
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
|
|
SIMATIC S7-1500 Software Controller: Versions 20.8 and later (only affected by CVE-2019-10943)
Siemens / SIMATIC S7-1500 Software Controller
|
>= 20.8 (only affected by CVE-2019-10943) |
Vendor Fix
fix
Vendor Fix
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
|
References
9 references
Acknowledgments
Faculty of Computer Science, Technion Haifa
Eli Biham
Sara Bitan
Aviad Carmel
Alon Dankner
School of Electrical Engineering, Tel-Aviv University
Uriel Malin
Avishai Wool
Kaspersky
Artem Zinenko
{
"document": {
"acknowledgments": [
{
"names": [
"Eli Biham",
"Sara Bitan",
"Aviad Carmel",
"Alon Dankner"
],
"organization": "Faculty of Computer Science, Technion Haifa",
"summary": "reporting these vulnerabilities to Siemens"
},
{
"names": [
"Uriel Malin",
"Avishai Wool"
],
"organization": "School of Electrical Engineering, Tel-Aviv University",
"summary": "reporting these vulnerabilities to Siemens"
},
{
"names": [
"Artem Zinenko"
],
"organization": "Kaspersky",
"summary": "reporting these vulnerabilities to Siemens"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may allow an attacker to modify network traffic or impact the perceived integrity of the user program stored on the CPU.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-344-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-344-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-344-06 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-344-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update B)",
"tracking": {
"current_release_date": "2020-03-10T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-344-06",
"initial_release_date": "2019-12-10T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-12-10T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-344-06 Siemens SIMATIC S7-1200 and SIMATIC S7-1500 CPU Families"
},
{
"date": "2020-03-10T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-19-344-06 Siemens SIMATIC S7-1200 and S7-1500 CPU families (Update A)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "* (only affected by CVE-2019-10943)",
"product": {
"name": "SIMATIC Drive Controller family: All versions (only affected by CVE-2019-10943)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMATIC Drive Controller family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2.8.1",
"product": {
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): All versions prior to V2.8.1",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 3.0",
"product": {
"name": "SIMATIC S7-PLCSIM Advanced: All versions prior to V3.0",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM Advanced"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 20.8",
"product": {
"name": "SIMATIC S7-1500 Software Controller: All versions prior to V20.8",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.4.0",
"product": {
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants): All versions prior to V4.4.0",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC: All versions",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 2.8.1 (only affected by CVE-2019-10943)",
"product": {
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): Versions 2.8.1 and later (only affected by CVE-2019-10943)",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 20.8 (only affected by CVE-2019-10943)",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): Versions 20.8 and later (only affected by CVE-2019-10943)",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants): All versions",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 3.0 (only affected by CVE-2019-10943)",
"product": {
"name": "SIMATIC S7-PLCSIM Advanced: Versions 3.0 and later (only affected by CVE-2019-10943)",
"product_id": "CSAFPID-00010"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM Advanced"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 4.4.0 (only affected by CVE-2019-10943)",
"product": {
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants): Versions 4.4.0 and later (only affected by CVE-2019-10943)",
"product_id": "CSAFPID-00011"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 20.8",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): All versions prior to V20.8",
"product_id": "CSAFPID-00012"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 20.8 (only affected by CVE-2019-10943)",
"product": {
"name": "SIMATIC S7-1500 Software Controller: Versions 20.8 and later (only affected by CVE-2019-10943)",
"product_id": "CSAFPID-00013"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10929",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "An attacker in a man-in-the-middle position could modify network traffic exchanged on Port 102/TCP, due to certain properties in the calculation used for integrity protection. CVE-2019-10929 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10929"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "SIMATIC S7 PLCSIM Advanced: Update to v3.0",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-00010"
],
"url": "https://support.industry.siemens.com/cs/document/109772889/"
},
{
"category": "vendor_fix",
"details": "SIMATIC S7-1200 CPU family: Update to v4.4.0",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
},
{
"category": "vendor_fix",
"details": "SIMATIC S7-1500 CPU family: Update to v2.8.1",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0007"
],
"url": "https://support.industry.siemens.com/cs/document/109478459/"
},
{
"category": "vendor_fix",
"details": "SIMATIC S7-1500 Software Controller: Update to v20.8",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-00013"
],
"url": "https://support.industry.siemens.com/cs/document/109772864/"
},
{
"category": "vendor_fix",
"details": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2: Update to v20.8",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00012"
],
"url": "https://support.industry.siemens.com/cs/document/109759122/"
},
{
"category": "mitigation",
"details": "All affected devices contain a feature called \u201cAccess Protection\u201d that prohibits unauthorized modifications of user code. Siemens recommends using access protection to protect affected devices from unauthorized modifications.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
],
"url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "mitigation",
"details": "Locate control system networks and remote devices behind firewalls, and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
]
},
{
"category": "mitigation",
"details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens \u0027 operational guidelines for industrial security, and follow the recommendations in the product manuals. Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
],
"url": "https://www.siemens.com/industrialsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
]
}
]
},
{
"cve": "CVE-2019-10943",
"cwe": {
"id": "CWE-353",
"name": "Missing Support for Integrity Check"
},
"notes": [
{
"category": "summary",
"text": "An attacker with network access to Port 102/TCP could modify the user program on the PLC in a way that the running code is different from the source code stored on the device. CVE-2019-10943 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10943"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "SIMATIC S7 PLCSIM Advanced: Update to v3.0",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-00010"
],
"url": "https://support.industry.siemens.com/cs/document/109772889/"
},
{
"category": "vendor_fix",
"details": "SIMATIC S7-1200 CPU family: Update to v4.4.0",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
},
{
"category": "vendor_fix",
"details": "SIMATIC S7-1500 CPU family: Update to v2.8.1",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0007"
],
"url": "https://support.industry.siemens.com/cs/document/109478459/"
},
{
"category": "vendor_fix",
"details": "SIMATIC S7-1500 Software Controller: Update to v20.8",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-00013"
],
"url": "https://support.industry.siemens.com/cs/document/109772864/"
},
{
"category": "vendor_fix",
"details": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2: Update to v20.8",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00012"
],
"url": "https://support.industry.siemens.com/cs/document/109759122/"
},
{
"category": "mitigation",
"details": "All affected devices contain a feature called \u201cAccess Protection\u201d that prohibits unauthorized modifications of user code. Siemens recommends using access protection to protect affected devices from unauthorized modifications.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
],
"url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "mitigation",
"details": "Locate control system networks and remote devices behind firewalls, and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
]
},
{
"category": "mitigation",
"details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens \u0027 operational guidelines for industrial security, and follow the recommendations in the product manuals. Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
],
"url": "https://www.siemens.com/industrialsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013"
]
}
]
}
]
}
SSA-232418
Vulnerability from csaf_siemens - Published: 2019-08-13 00:00 - Updated: 2022-08-09 00:00Summary
SSA-232418: Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU Families
Notes
Summary: Two vulnerabilities have been identified in the SIMATIC
S7-1200/S7-1500 CPU families and related products. One vulnerability
(CVE-2019-10943) could allow an attacker with network access to
affected devices to modify the user program stored on these devices
such that the source code differs from the actual running code. The
other vulnerability (CVE-2019-10929) could allow an attacker in a Man-
in-the-Middle position to modify network traffic exchanged on port
102/tcp. Siemens has released updates for several affected
products to fix CVE-2019-10929 and recommends to update to the latest
versions. Regarding CVE-2019-10943, Siemens recommends specific
countermeasures for products where updates are not, or not yet
available.
General Recommendations: As a general security measure, Siemens strongly recommends to protect
network access to devices with appropriate mechanisms. In order to
operate the devices in a protected IT environment, Siemens recommends
to configure the environment according to Siemens' operational
guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-
security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found
at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
CWE-327
- Use of a Broken or Risky Cryptographic Algorithm
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
|
vers:all/* |
Mitigation
No Fix Planned
|
|
|
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
|
< V20.8 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
Siemens / SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
|
< V4.4.0 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
Siemens / SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
|
< V2.8.1 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC S7-1500 Software Controller
Siemens / SIMATIC S7-1500 Software Controller
|
< V20.8 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC S7-PLCSIM Advanced
Siemens / SIMATIC S7-PLCSIM Advanced
|
< V3.0 |
Mitigation
Vendor Fix
fix
|
CWE-353
- Missing Support for Integrity Check
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC Drive Controller family
Siemens / SIMATIC Drive Controller family
|
vers:all/* |
Mitigation
No Fix Planned
|
|
|
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
|
vers:all/* |
Mitigation
No Fix Planned
|
|
|
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
|
< V20.8 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
|
>= V20.8 |
Mitigation
No Fix Planned
|
|
|
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
Siemens / SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
|
< V4.4.0 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
Siemens / SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
|
>= V4.4.0 |
Mitigation
No Fix Planned
|
|
|
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
Siemens / SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
|
< V2.8.1 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
Siemens / SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
|
>= V2.8.1 |
Mitigation
No Fix Planned
|
|
|
SIMATIC S7-1500 Software Controller
Siemens / SIMATIC S7-1500 Software Controller
|
< V20.8 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC S7-1500 Software Controller
Siemens / SIMATIC S7-1500 Software Controller
|
>= V20.8 |
Mitigation
No Fix Planned
|
|
|
SIMATIC S7-PLCSIM Advanced
Siemens / SIMATIC S7-PLCSIM Advanced
|
< V3.0 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC S7-PLCSIM Advanced
Siemens / SIMATIC S7-PLCSIM Advanced
|
>= V3.0 |
Mitigation
No Fix Planned
|
References
3 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "Two vulnerabilities have been identified in the SIMATIC\nS7-1200/S7-1500 CPU families and related products. One vulnerability\n(CVE-2019-10943) could allow an attacker with network access to\naffected devices to modify the user program stored on these devices\nsuch that the source code differs from the actual running code. The\nother vulnerability (CVE-2019-10929) could allow an attacker in a Man-\nin-the-Middle position to modify network traffic exchanged on port\n102/tcp. Siemens has released updates for several affected\nproducts to fix CVE-2019-10929 and recommends to update to the latest\nversions. Regarding CVE-2019-10943, Siemens recommends specific\ncountermeasures for products where updates are not, or not yet\navailable.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect\nnetwork access to devices with appropriate mechanisms. In order to\noperate the devices in a protected IT environment, Siemens recommends\nto configure the environment according to Siemens\u0027 operational\nguidelines for Industrial Security (Download:\nhttps://www.siemens.com/cert/operational-guidelines-industrial-\nsecurity), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found\nat: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-232418: Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU Families - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
},
{
"category": "self",
"summary": "SSA-232418: Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU Families - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-232418.txt"
},
{
"category": "self",
"summary": "SSA-232418: Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU Families - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-232418.json"
}
],
"title": "SSA-232418: Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU Families",
"tracking": {
"current_release_date": "2022-08-09T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-232418",
"initial_release_date": "2019-08-13T00:00:00Z",
"revision_history": [
{
"date": "2019-08-13T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2019-12-10T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added solution for CVE-2019-10929 for S7-1200 and S7-1500. SIPLUS devices now explicitly mentioned in the list of affected products"
},
{
"date": "2020-03-10T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Removed exclusion of SIMATIC S7-1500 CPU 1518-4 PN/DP. Added solution for CVE-2019-10929 for ET200SP CPU 1515SP PC2 and SIMATIC S7-1500 Software Controller"
},
{
"date": "2020-03-12T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Fix information about affected versions in product list."
},
{
"date": "2022-08-09T00:00:00Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added SIMATIC Drive Controller and SIMATIC ET 200SP Open Controller CPU 1515SP PC as affected products; separate fix information for the different CVE IDs; updated fix release URL for SIMATIC S7-1200; reviewed mitigation measure"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC Drive Controller family",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SIMATIC Drive Controller family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V20.8",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V20.8",
"product": {
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V4.4.0",
"product": {
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V4.4.0",
"product": {
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V2.8.1",
"product": {
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.8.1",
"product": {
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V20.8",
"product": {
"name": "SIMATIC S7-1500 Software Controller",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V20.8",
"product": {
"name": "SIMATIC S7-1500 Software Controller",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 Software Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.0",
"product": {
"name": "SIMATIC S7-PLCSIM Advanced",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM Advanced"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V3.0",
"product": {
"name": "SIMATIC S7-PLCSIM Advanced",
"product_id": "12"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM Advanced"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10929",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "Affected devices contain a message protection bypass vulnerability due to certain\nproperties in the calculation used for integrity protection.\n\nThis could allow an attacker in a Man-in-the-Middle position to modify network\ntraffic sent on port 102/tcp to the affected devices.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"2",
"3",
"5",
"7",
"9",
"11"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply password protection for S7 communication",
"product_ids": [
"2",
"3",
"5",
"7",
"9",
"11"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V20.8 or later version",
"product_ids": [
"9"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109772864/"
},
{
"category": "vendor_fix",
"details": "Update to V4.4.0 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109772889/"
},
{
"category": "vendor_fix",
"details": "Update to V2.8.1 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
},
{
"category": "vendor_fix",
"details": "Update to V20.8 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109759122/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"2",
"3",
"5",
"7",
"9",
"11"
]
}
],
"title": "CVE-2019-10929"
},
{
"cve": "CVE-2019-10943",
"cwe": {
"id": "CWE-353",
"name": "Missing Support for Integrity Check"
},
"notes": [
{
"category": "summary",
"text": "An attacker with network access to port 102/tcp could potentially modify the\nuser program on the PLC in a way that the running code is different from the\nsource code which is stored on the device.\n\nAn attacker must have network access to affected devices and must be able to\nperform changes to the user program. The vulnerability could impact the\nperceived integrity of the user program stored on the CPU. An engineer that\ntries to obtain the code of the user program running on the device, can\nreceive different source code that is not actually running on the device.\n",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply password protection for S7 communication",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"4",
"6",
"8",
"10",
"12"
]
},
{
"category": "vendor_fix",
"details": "Update to V20.8 or later version",
"product_ids": [
"9"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109772864/"
},
{
"category": "vendor_fix",
"details": "Update to V4.4.0 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793280/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109772889/"
},
{
"category": "vendor_fix",
"details": "Update to V2.8.1 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
},
{
"category": "vendor_fix",
"details": "Update to V20.8 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109759122/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:T/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12"
]
}
],
"title": "CVE-2019-10943"
}
]
}
VAR-201908-1838
Vulnerability from variot - Updated: 2024-11-23 22:33A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. plural SIMATIC The product contains an access control vulnerability.Information may be tampered with. The Simatic S7-1200 CPU and Simatic S7-1500 CPU series are discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries.
A man-in-the-middle attack vulnerability exists in the SIMATICS7-1200 and SIMATICS7-1500CPU families. A vulnerability has been identified in SIMATIC ET200SP (incl. No public exploitation of the vulnerability was known at the time of advisory publication. Both Siemens SIMATIC S7-1500 CPU and Siemens SIMATIC S7-1200 are products of Siemens, Germany. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. Siemens SIMATIC S7-1200 is a S7-1200 series PLC (programmable logic controller). This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-1838",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic et 200sp open controller cpu 1515sp pc2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "20.8"
},
{
"model": "simatic s7-1500 cpu 1518",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8.1"
},
{
"model": "simatic s7-1500 cpu 1511c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8.1"
},
{
"model": "simatic et 200sp open controller cpu 1515sp pc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1217c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "simatic s7-1200 cpu 1212c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "simatic s7 plcsim advanced",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic s7-1200 cpu 1215c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "simatic s7-1200 cpu 1214c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "simatic s7-1200 cpu 1211c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "simatic s7-1500 software controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "20.8"
},
{
"model": "simatic s7-1500 cpu 1512c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8.1"
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200 sp open controller cpu 1515sp pc2",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1200 cpu 1211c",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1200 cpu 1212c",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1200 cpu 1214c",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1200 cpu 1215c",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1200 cpu 1217c",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 cpu 1511c",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 cpu 1512c",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 cpu 1518",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 software controller",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1500 cpu family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-plcsim advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-1200 cpu family",
"scope": "gte",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.0"
},
{
"model": "simatic et 200sp open controller cpu1515sp pc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200sp open controller cpu1515sp pc2",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200sp open controller cpu 1515sp pc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 cpu 1512c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 plcsim advanced",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200sp open controller cpu 1515sp pc2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1200 cpu 1211c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1200 cpu 1212c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1200 cpu 1214c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1200 cpu 1215c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1200 cpu 1217c",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 cpu 1518",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 1500 cpu 1511c",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f259ba44-659c-4896-9e72-76a889fc2aca"
},
{
"db": "CNVD",
"id": "CNVD-2019-27700"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008098"
},
{
"db": "NVD",
"id": "CVE-2019-10943"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_cpu_1511c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_cpu_1512c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_cpu_1518_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008098"
}
]
},
"cve": "CVE-2019-10943",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-10943",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-27700",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "f259ba44-659c-4896-9e72-76a889fc2aca",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-142540",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-10943",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10943",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10943",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-10943",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-27700",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-899",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f259ba44-659c-4896-9e72-76a889fc2aca",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142540",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f259ba44-659c-4896-9e72-76a889fc2aca"
},
{
"db": "CNVD",
"id": "CNVD-2019-27700"
},
{
"db": "VULHUB",
"id": "VHN-142540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008098"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-899"
},
{
"db": "NVD",
"id": "CVE-2019-10943"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003e= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003c V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions \u003e= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003c V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.8.1), SIMATIC S7-1500 Software Controller (All versions \u003c V20.8), SIMATIC S7-1500 Software Controller (All versions \u003e= V20.8), SIMATIC S7-PLCSIM Advanced (All versions \u003c V3.0), SIMATIC S7-PLCSIM Advanced (All versions \u003e= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. plural SIMATIC The product contains an access control vulnerability.Information may be tampered with. The Simatic S7-1200 CPU and Simatic S7-1500 CPU series are discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. \n\nA man-in-the-middle attack vulnerability exists in the SIMATICS7-1200 and SIMATICS7-1500CPU families. A vulnerability has been identified in SIMATIC ET200SP (incl. No public exploitation of the vulnerability was known at the time of advisory publication. Both Siemens SIMATIC S7-1500 CPU and Siemens SIMATIC S7-1200 are products of Siemens, Germany. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. Siemens SIMATIC S7-1200 is a S7-1200 series PLC (programmable logic controller). This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10943"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008098"
},
{
"db": "CNVD",
"id": "CNVD-2019-27700"
},
{
"db": "IVD",
"id": "f259ba44-659c-4896-9e72-76a889fc2aca"
},
{
"db": "VULHUB",
"id": "VHN-142540"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10943",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-232418",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-344-06",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201908-899",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-27700",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008098",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4621",
"trust": 0.6
},
{
"db": "IVD",
"id": "F259BA44-659C-4896-9E72-76A889FC2ACA",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-142540",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f259ba44-659c-4896-9e72-76a889fc2aca"
},
{
"db": "CNVD",
"id": "CNVD-2019-27700"
},
{
"db": "VULHUB",
"id": "VHN-142540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008098"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-899"
},
{
"db": "NVD",
"id": "CVE-2019-10943"
}
]
},
"id": "VAR-201908-1838",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f259ba44-659c-4896-9e72-76a889fc2aca"
},
{
"db": "CNVD",
"id": "CNVD-2019-27700"
},
{
"db": "VULHUB",
"id": "VHN-142540"
}
],
"trust": 1.6184979955555554
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f259ba44-659c-4896-9e72-76a889fc2aca"
},
{
"db": "CNVD",
"id": "CNVD-2019-27700"
}
]
},
"last_update_date": "2024-11-23T22:33:46.868000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-232418",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
},
{
"title": "Patch for SIMATICS7-1200 and SIMATICS7-1500CPU families permission access vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/175779"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-27700"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.1
},
{
"problemtype": "CWE-353",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008098"
},
{
"db": "NVD",
"id": "CVE-2019-10943"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-06"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10943"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10943"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-two-vulnerabilities-30052"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4621/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-27700"
},
{
"db": "VULHUB",
"id": "VHN-142540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008098"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-899"
},
{
"db": "NVD",
"id": "CVE-2019-10943"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f259ba44-659c-4896-9e72-76a889fc2aca"
},
{
"db": "CNVD",
"id": "CNVD-2019-27700"
},
{
"db": "VULHUB",
"id": "VHN-142540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008098"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-899"
},
{
"db": "NVD",
"id": "CVE-2019-10943"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-15T00:00:00",
"db": "IVD",
"id": "f259ba44-659c-4896-9e72-76a889fc2aca"
},
{
"date": "2019-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-27700"
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-142540"
},
{
"date": "2019-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008098"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-899"
},
{
"date": "2019-08-13T19:15:15.530000",
"db": "NVD",
"id": "CVE-2019-10943"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-27700"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-142540"
},
{
"date": "2019-12-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008098"
},
{
"date": "2022-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-899"
},
{
"date": "2024-11-21T04:20:12.313000",
"db": "NVD",
"id": "CVE-2019-10943"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-899"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SIMATIC Access control vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008098"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-899"
}
],
"trust": 0.6
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…