Vulnerability-Lookup

BDU:2019-01859

Vulnerability from fstec - Published: 14.05.2019

Title

Уязвимость программного обеспечения продуктов Siemens SIMATIC, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость программного обеспечения продуктов Siemens SIMATIC связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, имеющему доступ к файлу проекта, модифицировать его таким образом, чтобы при загрузке произошел отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Siemens AG

Software Name

SIMATIC WinCC, SIMATIC PCS 7, SIMATIC WinCC (TIA Portal), SIMATIC WinCC Runtime Professional

Software Version

до 7.2 включительно (SIMATIC WinCC), до 7.5 Upd3 (SIMATIC WinCC), от V8.2 до V8.2 SP1 (SIMATIC PCS 7), до 9.0 SP2 (SIMATIC PCS 7), до 8.0 включительно (SIMATIC PCS 7), до V8.1 (SIMATIC PCS 7), от 14 до 14 SP1 Upd9 (SIMATIC WinCC (TIA Portal)), от 15 до 15.1 Upd 3 (SIMATIC WinCC (TIA Portal)), от V14 до V14.1 Upd 8 (SIMATIC WinCC Runtime Professional), от V15 до V15.1 Upd 3 (SIMATIC WinCC Runtime Professional), V13 (SIMATIC WinCC (TIA Portal)), V13 (SIMATIC WinCC Runtime Professional), от 7.3 до 7.3 Upd 19 (SIMATIC WinCC), от 7.4 до 7.4 SP1 Upd11 (SIMATIC WinCC)

Possible Mitigations

Обновление программного обеспечения: Для SIMATIC WinCC Runtime Professional V14 до V14.1 Upd 8: https://support.industry.siemens.com/cs/ww/en/view/109747394 Для SIMATIC WinCC Runtime Professional V15 до V15.1 Upd 3: https://support.industry.siemens.com/cs/ww/en/view/109763892 Для SIMATIC WinCC от V7.5 включительно до V7.5 Upd3: https://support.industry.siemens.com/cs/ww/en/view/109767227 Для SIMATIC PCS 7 V8.1 до V8.1 с WinCC V7.3 Upd 19: https://support.industry.siemens.com/cs/ww/en/view/109768972 Для SIMATIC PCS 7 до V8.2 SP1: https://support.industry.siemens.com/cs/ww/en/view/109768093 Для SIMATIC PCS 7 до V9.0 SP2: https://support.industry.siemens.com/cs/ww/en/view/109768093 Для SIMATIC WinCC до V7.3 Upd 19: https://support.industry.siemens.com/cs/ww/en/view/109768972 Для SIMATIC WinCC до V7.4 SP1 Upd 11: https://support.industry.siemens.com/cs/ww/en/view/109768093 Для SIMATIC WinCC до V7.5 Upd 3: https://support.industry.siemens.com/cs/ww/en/view/109767227 Для SIMATIC WinCC (TIA Portal) V14 до V14 SP1 Upd9: https://support.industry.siemens.com/cs/ww/en/view/109747387 Для SIMATIC WinCC (TIA Portal) V15 до V15.1 Upd3: https://support.industry.siemens.com/cs/ww/en/view/109763890 Для SIMATIC WinCC and SIMATIC PCS 7: Включение функции "Зашифрованная связь" Компенсирующие меры: Применение глубокоэшелонированную защиту

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-10917 https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 7.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SIMATIC WinCC), \u0434\u043e 7.5 Upd3 (SIMATIC WinCC), \u043e\u0442 V8.2 \u0434\u043e V8.2 SP1 (SIMATIC PCS 7), \u0434\u043e 9.0 SP2 (SIMATIC PCS 7), \u0434\u043e 8.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SIMATIC PCS 7), \u0434\u043e V8.1 (SIMATIC PCS 7), \u043e\u0442 14 \u0434\u043e 14 SP1 Upd9 (SIMATIC WinCC (TIA Portal)), \u043e\u0442 15 \u0434\u043e 15.1 Upd 3 (SIMATIC WinCC (TIA Portal)), \u043e\u0442 V14 \u0434\u043e V14.1 Upd 8 (SIMATIC WinCC Runtime Professional), \u043e\u0442 V15 \u0434\u043e V15.1 Upd 3 (SIMATIC WinCC Runtime Professional), V13 (SIMATIC WinCC (TIA Portal)), V13 (SIMATIC WinCC Runtime Professional), \u043e\u0442 7.3 \u0434\u043e 7.3 Upd 19 (SIMATIC WinCC), \u043e\u0442 7.4 \u0434\u043e 7.4 SP1 Upd11 (SIMATIC WinCC)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f:\n\u0414\u043b\u044f SIMATIC WinCC Runtime Professional V14 \u0434\u043e V14.1 Upd 8:\nhttps://support.industry.siemens.com/cs/ww/en/view/109747394\n\n\u0414\u043b\u044f SIMATIC WinCC Runtime Professional V15 \u0434\u043e V15.1 Upd 3:\nhttps://support.industry.siemens.com/cs/ww/en/view/109763892\n\n\u0414\u043b\u044f SIMATIC WinCC \u043e\u0442 V7.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043e V7.5 Upd3:\nhttps://support.industry.siemens.com/cs/ww/en/view/109767227\n\n\u0414\u043b\u044f SIMATIC PCS 7 V8.1 \u0434\u043e V8.1 \u0441 WinCC V7.3 Upd 19:\nhttps://support.industry.siemens.com/cs/ww/en/view/109768972\n\n\u0414\u043b\u044f SIMATIC PCS 7 \u0434\u043e V8.2 SP1:\nhttps://support.industry.siemens.com/cs/ww/en/view/109768093\n\n\u0414\u043b\u044f SIMATIC PCS 7 \u0434\u043e V9.0 SP2:\nhttps://support.industry.siemens.com/cs/ww/en/view/109768093\n\n\u0414\u043b\u044f SIMATIC WinCC \u0434\u043e V7.3 Upd 19:\nhttps://support.industry.siemens.com/cs/ww/en/view/109768972\n\n\u0414\u043b\u044f SIMATIC WinCC \u0434\u043e V7.4 SP1 Upd 11:\nhttps://support.industry.siemens.com/cs/ww/en/view/109768093\n\n\u0414\u043b\u044f SIMATIC WinCC \u0434\u043e V7.5 Upd 3:\nhttps://support.industry.siemens.com/cs/ww/en/view/109767227\n\n\u0414\u043b\u044f SIMATIC WinCC (TIA Portal) V14 \u0434\u043e V14 SP1 Upd9:\nhttps://support.industry.siemens.com/cs/ww/en/view/109747387\n\n\u0414\u043b\u044f  SIMATIC WinCC (TIA Portal) V15 \u0434\u043e V15.1 Upd3:\nhttps://support.industry.siemens.com/cs/ww/en/view/109763890\n\n\u0414\u043b\u044f SIMATIC WinCC and SIMATIC PCS 7:\n\u0412\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \"\u0417\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u0441\u0432\u044f\u0437\u044c\"\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u041f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0433\u043b\u0443\u0431\u043e\u043a\u043e\u044d\u0448\u0435\u043b\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0437\u0430\u0449\u0438\u0442\u0443",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.05.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "31.05.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01859",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-10917",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SIMATIC WinCC, SIMATIC PCS 7, SIMATIC WinCC (TIA Portal), SIMATIC WinCC Runtime Professional",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Siemens SIMATIC, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Siemens SIMATIC \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0438\u043c\u0435\u044e\u0449\u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0443 \u043f\u0440\u043e\u0435\u043a\u0442\u0430, \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0435\u0433\u043e \u0442\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0435 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u0435\u043b \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-10917\n\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 2,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CVE-2019-10917 (GCVE-0-2019-10917)

Vulnerability from cvelistv5 – Published: 2019-05-14 19:54 – Updated: 2024-08-04 22:40

Summary

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Severity ?

No CVSS data available.

CWE

CWE-248 - Uncaught Exception

Assigner

siemens

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	https://www.us-cert.gov/ics/advisories/ICSA-19-134-08	x_refsource_MISC

Impacted products

Vendor

Product

Version

Siemens AG

SIMATIC PCS 7 V8.0 and earlier

Affected: All versions

Siemens AG	SIMATIC PCS 7 V8.1	Affected: All versions < V8.1 with WinCC V7.3 Upd 19
Siemens AG	SIMATIC PCS 7 V8.2	Affected: All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11
Siemens AG	SIMATIC PCS 7 V9.0	Affected: All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11
Siemens AG	SIMATIC WinCC (TIA Portal) V13	Affected: All versions
Siemens AG	SIMATIC WinCC (TIA Portal) V14	Affected: All versions < V14 SP1 Upd 9
Siemens AG	SIMATIC WinCC (TIA Portal) V15	Affected: All versions < V15.1 Upd 3
Siemens AG	SIMATIC WinCC Runtime Professional V13	Affected: All versions
Siemens AG	SIMATIC WinCC Runtime Professional V14	Affected: All versions < V14.1 Upd 8
Siemens AG	SIMATIC WinCC Runtime Professional V15	Affected: All versions < V15.1 Upd 3
Siemens AG	SIMATIC WinCC V7.2 and earlier	Affected: All versions
Siemens AG	SIMATIC WinCC V7.3	Affected: All versions < V7.3 Upd 19
Siemens AG	SIMATIC WinCC V7.4	Affected: All versions < V7.4 SP1 Upd 11
Siemens AG	SIMATIC WinCC V7.5	Affected: All versions < V7.5 Upd 3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC PCS 7 V8.0 and earlier",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC PCS 7 V8.1",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.1 with WinCC V7.3 Upd 19"
            }
          ]
        },
        {
          "product": "SIMATIC PCS 7 V8.2",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11"
            }
          ]
        },
        {
          "product": "SIMATIC PCS 7 V9.0",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC (TIA Portal) V13",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC (TIA Portal) V14",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V14 SP1 Upd 9"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC (TIA Portal) V15",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Upd 3"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC Runtime Professional V13",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC Runtime Professional V14",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V14.1 Upd 8"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC Runtime Professional V15",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Upd 3"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC V7.2 and earlier",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC V7.3",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.3 Upd 19"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC V7.4",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.4 SP1 Upd 11"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC V7.5",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.5 Upd 3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions \u003c V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions \u003c V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-23T19:28:02.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2019-10917",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC PCS 7 V8.0 and earlier",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC PCS 7 V8.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V8.1 with WinCC V7.3 Upd 19"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC PCS 7 V8.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC PCS 7 V9.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC (TIA Portal) V13",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC (TIA Portal) V14",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V14 SP1 Upd 9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC (TIA Portal) V15",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Upd 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC Runtime Professional V13",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC Runtime Professional V14",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V14.1 Upd 8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC Runtime Professional V15",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Upd 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC V7.2 and earlier",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC V7.3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V7.3 Upd 19"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC V7.4",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V7.4 SP1 Upd 11"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC V7.5",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V7.5 Upd 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions \u003c V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions \u003c V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-248: Uncaught Exception"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-10917",
    "datePublished": "2019-05-14T19:54:48.000Z",
    "dateReserved": "2019-04-08T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:40:15.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-01859

CVE-2019-10917 (GCVE-0-2019-10917)

Tags

Sightings

Nomenclature