ID

VAR-201904-0174


CVE

CVE-2019-6568


TITLE

Vulnerability related to input validation in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2019-003541

DESCRIPTION

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. Multiple Siemens products contain input validation vulnerabilities. The affected device may be put into a denial-of-service (DoS) state. Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. Multiple Siemens products are prone to an unspecified denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU and the other listed devices are all products of the German company Siemens. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. CP1616 is a communications processor. SIMATIC S7-1500 is a programmable logic controller. The vulnerability stems from the failure of the network system or product to properly validate the input data.

Trust: 2.7

sources: NVD: CVE-2019-6568 // JVNDB: JVNDB-2019-003541 // CNVD: CNVD-2019-12904 // BID: 107842 // IVD: a397cc8b-ee17-4faf-8447-e9ee5f57dd12 // VULHUB: VHN-158003

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: a397cc8b-ee17-4faf-8447-e9ee5f57dd12 // CNVD: CNVD-2019-12904

AFFECTED PRODUCTS

vendor:siemensmodel:sinamics s210scope:eqversion:5.1

Trust: 1.3

vendor:siemensmodel:sinamics s150scope:eqversion:5.1

Trust: 1.3

vendor:siemensmodel:simatic hmi comfort outdoor panelsscope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp900fscope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp700fscope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:sinamics sm120scope:ltversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic s7-plcsim advancedscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic ipc diagmonitorscope:ltversion:5.1.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1500sscope:ltversion:2.6.1

Trust: 1.0

vendor:siemensmodel:sinamics gh150scope:eqversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp900scope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic wincc runtime advancedscope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:sinamics gl150scope:ltversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic s7-400 pnscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simocode pro v pnscope:ltversion:2.1.3

Trust: 1.0

vendor:siemensmodel:sinamics gm150scope:ltversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp700scope:eqversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500scope:ltversion:2.6.1

Trust: 1.0

vendor:siemensmodel:simatic cp443-1 advancedscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics sl150scope:eqversion:4.8

Trust: 1.0

vendor:siemensmodel:sitop managerscope:ltversion:1.1

Trust: 1.0

vendor:siemensmodel:sinamics sm120scope:eqversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic hmi comfort panelsscope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp400fscope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic et 200 sp open controller cpu 1515sp pc2scope:ltversion:2.7

Trust: 1.0

vendor:siemensmodel:sinamics g130scope:ltversion:5.2

Trust: 1.0

vendor:siemensmodel:cp1604scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic winac rtxscope:eqversion:2010

Trust: 1.0

vendor:siemensmodel:sinamics s120scope:ltversion:5.2

Trust: 1.0

vendor:siemensmodel:sitop psu8600scope:ltversion:1.5

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp700fscope:eqversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic cp443-1scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simocode pro v eipscope:ltversion:1.1.3

Trust: 1.0

vendor:siemensmodel:simatic s7-plcsim advancedscope:eqversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic s7-400 pn\/dpscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sitop ups1600scope:ltversion:2.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 software controllerscope:ltversion:2.7

Trust: 1.0

vendor:siemensmodel:sinamics sm150scope:ltversion:5.1

Trust: 1.0

vendor:siemensmodel:simatic rf182cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic rf600rscope:ltversion:3.2.1

Trust: 1.0

vendor:siemensmodel:cp1616scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic teleservice adapter ie standardscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic rf185cscope:ltversion:1.1.0

Trust: 1.0

vendor:siemensmodel:simatic rf186cscope:ltversion:1.1.0

Trust: 1.0

vendor:siemensmodel:simatic hmi comfort outdoor panelsscope:eqversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic teleservice adapter ie basicscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp900fscope:eqversion:15.1

Trust: 1.0

vendor:siemensmodel:sinamics gm150scope:eqversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic s7-1500tscope:ltversion:2.6.1

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp700scope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp900scope:eqversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic s7-300scope:ltversion:3.3.17

Trust: 1.0

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:15.1

Trust: 1.0

vendor:siemensmodel:sinamics gh150scope:ltversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic rf188cscope:ltversion:1.1.0

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp400fscope:eqversion:15.1

Trust: 1.0

vendor:siemensmodel:sinamics gl150scope:eqversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic et 200 sp open controller cpu 1515sp pcscope:ltversion:2.1.6

Trust: 1.0

vendor:siemensmodel:sinamics g150scope:ltversion:5.2

Trust: 1.0

vendor:siemensmodel:sinamics s150scope:ltversion:5.1

Trust: 1.0

vendor:siemensmodel:simatic winac rtxscope:ltversion:2010

Trust: 1.0

vendor:siemensmodel:sinamics sl150scope:ltversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic cp443-1 opc uascope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics sm150scope:eqversion:5.1

Trust: 1.0

vendor:siemensmodel:simatic hmi comfort panelsscope:eqversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic rf181-eipscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:tim 1531 ircscope:ltversion:2.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1500fscope:ltversion:2.6.1

Trust: 1.0

vendor:siemensmodel:simatic cp343-1 advancedscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics s210scope:ltversion:5.1

Trust: 1.0

vendor:siemensmodel:simatic teleservice adapter ie advancedscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic cp 1543sp-1scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cp 1604scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cp 1616scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cp 343-1 advancedscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cp 443-1 advscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cp 443-1scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic et 200 sp open controller cpu 1515sp pcscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic et 200 sp open controller cpu 1515sp pc2scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic hmi comfort outdoor panelsscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic hmi comfort panelsscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic rf185cscope: - version: -

Trust: 0.8

vendor:sinamics s150model: - scope:eqversion:5.1

Trust: 0.6

vendor:siemensmodel:simatic winac rtx sp2 allscope:eqversion:2010

Trust: 0.6

vendor:siemensmodel:simatic s7-300 cpu family allscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-400 pn/dpscope:eqversion:v7

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 software controllerscope: - version: -

Trust: 0.6

vendor:siemensmodel:sinamics s120scope: - version: -

Trust: 0.6

vendor:siemensmodel:sinamics g130 and g150scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic rf182cscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic cp443-1 opc uascope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic ipc diagmonitorscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic rf188cscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic rf600rscope: - version: -

Trust: 0.6

vendor:siemensmodel:cp1604scope: - version: -

Trust: 0.6

vendor:siemensmodel:cp1616scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et sp open controller cpu 1515sp pcscope:eqversion:200<v2.1.6

Trust: 0.6

vendor:siemensmodel:simatic hmi comfort panels 4" 22"scope:eqversion: -

Trust: 0.6

vendor:siemensmodel:simatic hmi ktp mobile panelsscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-400 pnscope:eqversion:v6

Trust: 0.6

vendor:siemensmodel:sinamics s150scope: - version: -

Trust: 0.6

vendor:siemensmodel:sinamics s210scope:eqversion:v5.1

Trust: 0.6

vendor:siemensmodel:sinamics s210 sp1scope:eqversion:v5.1

Trust: 0.6

vendor:siemensmodel:tim ircscope:eqversion:1531

Trust: 0.6

vendor:siemensmodel:simatic hmi comfort outdoor panels 7" & 15"scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic rf181-eipscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic rf186cscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-plcsim advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic teleservice adapter ie advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic teleservice adapter ie basicscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic teleservice adapter ie standardscope: - version: -

Trust: 0.6

vendor:siemensmodel:simocode pro eipscope:eqversion:v

Trust: 0.6

vendor:siemensmodel:simocode pro pnscope:eqversion:v

Trust: 0.6

vendor:siemensmodel:sitop managerscope: - version: -

Trust: 0.6

vendor:siemensmodel:sitop psu8600scope: - version: -

Trust: 0.6

vendor:siemensmodel:sitop ups1600scope: - version: -

Trust: 0.6

vendor:siemensmodel:siamtic rf185cscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic cp343-1 advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic cp443-1scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic cp443-1 advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et sp open controller cpu 1515sp pc2scope:eqversion:200

Trust: 0.6

vendor:sinamics s210model: - scope:eqversion:5.1

Trust: 0.4

vendor:siemensmodel:tim ircscope:eqversion:15310

Trust: 0.3

vendor:siemensmodel:sitop ups1600scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:sitop psu8600scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:sitop managerscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:sinamics s210 sp1scope:eqversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics s150 sp1scope:eqversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics s150scope:eqversion:4.8

Trust: 0.3

vendor:siemensmodel:sinamics s150 sp1scope:eqversion:4.7

Trust: 0.3

vendor:siemensmodel:sinamics s150scope:eqversion:4.7

Trust: 0.3

vendor:siemensmodel:sinamics s150scope:eqversion:4.6

Trust: 0.3

vendor:siemensmodel:sinamics s120 sp1scope:eqversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics s120scope:eqversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics s120scope:eqversion:4.8

Trust: 0.3

vendor:siemensmodel:sinamics s120 sp1scope:eqversion:4.7

Trust: 0.3

vendor:siemensmodel:sinamics s120scope:eqversion:4.7

Trust: 0.3

vendor:siemensmodel:sinamics s120scope:eqversion:4.6

Trust: 0.3

vendor:siemensmodel:sinamics g150 sp1scope:eqversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics g150scope:eqversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics g150scope:eqversion:4.8

Trust: 0.3

vendor:siemensmodel:sinamics g150 sp1scope:eqversion:4.7

Trust: 0.3

vendor:siemensmodel:sinamics g150scope:eqversion:4.7

Trust: 0.3

vendor:siemensmodel:sinamics g150scope:eqversion:4.6

Trust: 0.3

vendor:siemensmodel:sinamics g130 sp1scope:eqversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics g130scope:eqversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics g130scope:eqversion:4.8

Trust: 0.3

vendor:siemensmodel:sinamics g130 sp1scope:eqversion:4.7

Trust: 0.3

vendor:siemensmodel:sinamics g130scope:eqversion:4.7

Trust: 0.3

vendor:siemensmodel:sinamics g130scope:eqversion:4.6

Trust: 0.3

vendor:siemensmodel:simocode pro pnscope:eqversion:v0

Trust: 0.3

vendor:siemensmodel:simocode pro eipscope:eqversion:v0

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic winac rtxscope:eqversion:20100

Trust: 0.3

vendor:siemensmodel:simatic teleservice adapter ie standardscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic teleservice adapter ie basicscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic teleservice adapter ie advancedscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic s7-plcsim advancedscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic s7-400 pn/dpscope:eqversion:7

Trust: 0.3

vendor:siemensmodel:simatic s7-400 pnscope:eqversion:v60

Trust: 0.3

vendor:siemensmodel:simatic s7-300 cpuscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic s7-1500 software controllerscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic s7-1500 cpuscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic rf600rscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic rf188cscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic rf186cscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic rf185cscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic rf182cscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic ipc diagmonitorscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmi ktp900f mobilescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmi ktp900 mobilescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmi ktp700f mobilescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmi ktp700 mobilescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmi ktp400f mobilescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmi ktp mobile panelsscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmi comfort panelsscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmi comfort outdoor panelsscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic et200 open controller cpu 1515sp pc2scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic et200 open controller cpu 1515sp pcscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic cp opc uascope:eqversion:443-10

Trust: 0.3

vendor:siemensmodel:simatic cp advancedscope:eqversion:443-10

Trust: 0.3

vendor:siemensmodel:simatic cpscope:eqversion:443-10

Trust: 0.3

vendor:siemensmodel:simatic cp advancedscope:eqversion:343-10

Trust: 0.3

vendor:siemensmodel:rfid 181-eipscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:cpscope:eqversion:16160

Trust: 0.3

vendor:siemensmodel:cpscope:eqversion:16040

Trust: 0.3

vendor:siemensmodel:sinamics s150 sp1 hf4scope:neversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics s150 hf6scope:neversion:4.8

Trust: 0.3

vendor:siemensmodel:sinamics s120 sp1 hf4scope:neversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics s120 hf6scope:neversion:4.8

Trust: 0.3

vendor:siemensmodel:sinamics g150 sp1 hf4scope:neversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics g150 hf6scope:neversion:4.8

Trust: 0.3

vendor:siemensmodel:sinamics g130 sp1 hf4scope:neversion:5.1

Trust: 0.3

vendor:siemensmodel:sinamics g130 hf6scope:neversion:4.8

Trust: 0.3

vendor:siemensmodel:simatic s7-300 cpuscope:neversion:v3.x.16

Trust: 0.3

vendor:siemensmodel:simatic et200 open controller cpu 1515sp pcscope:neversion:2.1.6

Trust: 0.3

vendor:cp1604model: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi comfort panelsmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi ktp mobile panels ktp400fmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi ktp mobile panels ktp700model: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi ktp mobile panels ktp700fmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi ktp mobile panels ktp900model: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi ktp mobile panels ktp900fmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp443 1 opc uamodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic ipc diagmonitormodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500 controllermodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 plcsim advancedmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic wincc runtime advancedmodel: - scope:eqversion:*

Trust: 0.2

vendor:sitop managermodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic rf600rmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic rf188cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic rf186cmodel: - scope:eqversion:*

Trust: 0.2

vendor:cp1616model: - scope:eqversion:*

Trust: 0.2

vendor:simatic rf182cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic rf181 eipmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 300model: - scope:eqversion: -

Trust: 0.2

vendor:simatic s7 400 pnmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 400 pn dpmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic teleservice adapter ie advancedmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic teleservice adapter ie basicmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic teleservice adapter ie standardmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic winac rtx 2010model: - scope:eqversion:*

Trust: 0.2

vendor:simatic rf185cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simocode pro v eipmodel: - scope:eqversion:*

Trust: 0.2

vendor:simocode pro v pnmodel: - scope:eqversion: -

Trust: 0.2

vendor:sinamics g130model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics g150model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics s120model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics s150model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics s210model: - scope:eqversion:*

Trust: 0.2

vendor:sitop psu8600model: - scope:eqversion:*

Trust: 0.2

vendor:sitop ups1600model: - scope:eqversion:*

Trust: 0.2

vendor:tim 1531 ircmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp343 1 advancedmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500fmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500smodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500tmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp443 1model: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp443 1 advancedmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200 sp open controller cpu 1515sp pcmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200 sp open controller cpu 1515sp pc2model: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi comfort outdoor panelsmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: a397cc8b-ee17-4faf-8447-e9ee5f57dd12 // CNVD: CNVD-2019-12904 // BID: 107842 // JVNDB: JVNDB-2019-003541 // NVD: CVE-2019-6568

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6568
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2019-6568
value: HIGH

Trust: 1.0

NVD: CVE-2019-6568
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-12904
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201904-458
value: HIGH

Trust: 0.6

IVD: a397cc8b-ee17-4faf-8447-e9ee5f57dd12
value: HIGH

Trust: 0.2

VULHUB: VHN-158003
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6568
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-12904
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a397cc8b-ee17-4faf-8447-e9ee5f57dd12
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-158003
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6568
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2019-6568
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: a397cc8b-ee17-4faf-8447-e9ee5f57dd12 // CNVD: CNVD-2019-12904 // VULHUB: VHN-158003 // JVNDB: JVNDB-2019-003541 // CNNVD: CNNVD-201904-458 // NVD: CVE-2019-6568 // NVD: CVE-2019-6568

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-158003 // JVNDB: JVNDB-2019-003541 // NVD: CVE-2019-6568

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-458

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-458

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003541

PATCH

title:SSA-480230 url:https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf

Trust: 0.8

title:SSA-530931 url:https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf

Trust: 0.8

title:Patches for multiple Siemens product denial of service vulnerabilities url:https://www.cnvd.org.cn/patchInfo/show/160237

Trust: 0.6

title:Multiple Siemens Product security vulnerabilities url:http://123.124.177.30/web/xxk/bdxqById.tag?id=91286

Trust: 0.6

sources: CNVD: CNVD-2019-12904 // JVNDB: JVNDB-2019-003541 // CNNVD: CNNVD-201904-458

EXTERNAL IDS

db:NVDid:CVE-2019-6568

Trust: 3.6

db:ICS CERTid:ICSA-19-099-06

Trust: 2.3

db:SIEMENSid:SSA-480230

Trust: 2.0

db:SIEMENSid:SSA-530931

Trust: 1.7

db:ICS CERTid:ICSA-19-227-04

Trust: 1.4

db:BIDid:107842

Trust: 1.0

db:CNNVDid:CNNVD-201904-458

Trust: 0.9

db:CNVDid:CNVD-2019-12904

Trust: 0.8

db:JVNDBid:JVNDB-2019-003541

Trust: 0.8

db:AUSCERTid:ESB-2019.3150

Trust: 0.6

db:AUSCERTid:ESB-2019.1204.2

Trust: 0.6

db:IVDid:A397CC8B-EE17-4FAF-8447-E9EE5F57DD12

Trust: 0.2

db:VULHUBid:VHN-158003

Trust: 0.1

sources: IVD: a397cc8b-ee17-4faf-8447-e9ee5f57dd12 // CNVD: CNVD-2019-12904 // VULHUB: VHN-158003 // BID: 107842 // JVNDB: JVNDB-2019-003541 // CNNVD: CNNVD-201904-458 // NVD: CVE-2019-6568

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-099-06

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf

Trust: 2.0

url:https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf

Trust: 1.7

url:https://www.us-cert.gov/ics/advisories/icsa-19-227-04

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-6568

Trust: 1.4

url:http://subscriber.communications.siemens.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6568

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3150/

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-099-06

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-19-099-06

Trust: 0.6

url:https://www.securityfocus.com/bid/107842

Trust: 0.6

url:https://vigilance.fr/vulnerability/siemens-simatic-denial-of-service-via-webserver-28976

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78710

Trust: 0.6

sources: CNVD: CNVD-2019-12904 // VULHUB: VHN-158003 // BID: 107842 // JVNDB: JVNDB-2019-003541 // CNNVD: CNNVD-201904-458 // NVD: CVE-2019-6568

CREDITS

Siemens reported this vulnerability to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201904-458

SOURCES

db:IVDid:a397cc8b-ee17-4faf-8447-e9ee5f57dd12
db:CNVDid:CNVD-2019-12904
db:VULHUBid:VHN-158003
db:BIDid:107842
db:JVNDBid:JVNDB-2019-003541
db:CNNVDid:CNNVD-201904-458
db:NVDid:CVE-2019-6568

LAST UPDATE DATE

2024-11-23T22:25:58.024000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-12904date:2019-05-07T00:00:00
db:VULHUBid:VHN-158003date:2023-01-10T00:00:00
db:BIDid:107842date:2019-04-09T00:00:00
db:JVNDBid:JVNDB-2019-003541date:2019-08-20T00:00:00
db:CNNVDid:CNNVD-201904-458date:2023-04-12T00:00:00
db:NVDid:CVE-2019-6568date:2024-11-21T04:46:42.773

SOURCES RELEASE DATE

db:IVDid:a397cc8b-ee17-4faf-8447-e9ee5f57dd12date:2019-05-05T00:00:00
db:CNVDid:CNVD-2019-12904date:2019-05-05T00:00:00
db:VULHUBid:VHN-158003date:2019-04-17T00:00:00
db:BIDid:107842date:2019-04-09T00:00:00
db:JVNDBid:JVNDB-2019-003541date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-458date:2019-04-09T00:00:00
db:NVDid:CVE-2019-6568date:2019-04-17T14:29:03.683