ID

VAR-201905-0112


CVE

CVE-2019-6572


TITLE

plural SIMATIC Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004632

DESCRIPTION

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained and information may be altered. Multiple Siemens Products are prone to following security vulnerabilities: 1. An information-disclosure vulnerability 2. A cross-site-scripting vulnerability 3. A security vulnerability An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC, etc. are all products of Siemens (Siemens) in Germany. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Siemens SIMATIC HMI Comfort Panels is a touch panel device. Siemens SIMATIC HMI Comfort Outdoor Panels is a touch panel device specially designed for outdoor use. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 1.98

sources: NVD: CVE-2019-6572 // JVNDB: JVNDB-2019-004632 // BID: 108412 // VULHUB: VHN-158007

AFFECTED PRODUCTS

vendor:siemensmodel:simatic wincc \scope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp400fscope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp900fscope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi mpscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic wincc runtimescope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi comfort panelsscope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi comfort outdoor panelsscope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp900scope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp700scope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi opscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panels ktp700fscope:ltversion:15.1

Trust: 1.0

vendor:siemensmodel:simatic hmi tpscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic hmi comfort outdoor panelsscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic hmi comfort panelsscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic hmi ktp mobile panels ktp400fscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic hmi ktp mobile panels ktp700scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic hmi ktp mobile panels ktp700fscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic hmi ktp mobile panels ktp900scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic hmi ktp mobile panels ktp900fscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime advancedscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime professionalscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:15.1

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:15

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:15.1

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:15

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v15.1

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v15

Trust: 0.3

vendor:siemensmodel:simatic hmi ktp mobile panelsscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmi comfort panelsscope:eqversion:15.1

Trust: 0.3

vendor:siemensmodel:simatic hmi comfort panelsscope:eqversion:15

Trust: 0.3

vendor:siemensmodel:simatic hmi comfort outdoor panelsscope:eqversion:15.1

Trust: 0.3

vendor:siemensmodel:simatic hmi comfort outdoor panelsscope:eqversion:15

Trust: 0.3

vendor:siemensmodel:simatic hmi classic devicesscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professional updatescope:neversion:v15.11

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime advanced updatescope:neversion:15.11

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:neversion:v15.11

Trust: 0.3

vendor:siemensmodel:simatic hmi ktp mobile updatescope:neversion:15.11

Trust: 0.3

vendor:siemensmodel:simatic hmi comfort panels updatescope:neversion:15.11

Trust: 0.3

vendor:siemensmodel:simatic hmi comfort outdoor panels updatescope:neversion:15.11

Trust: 0.3

sources: BID: 108412 // JVNDB: JVNDB-2019-004632 // NVD: CVE-2019-6572

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6572
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6572
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-590
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158007
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6572
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158007
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6572
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-6572
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158007 // JVNDB: JVNDB-2019-004632 // CNNVD: CNNVD-201905-590 // NVD: CVE-2019-6572

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

problemtype:CWE-200

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-158007 // JVNDB: JVNDB-2019-004632 // NVD: CVE-2019-6572

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-590

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-590

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004632

PATCH

title:SSA-804486url:https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf

Trust: 0.8

title:Siemens SIMATIC Panels and WinCC Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92740

Trust: 0.6

sources: JVNDB: JVNDB-2019-004632 // CNNVD: CNNVD-201905-590

EXTERNAL IDS

db:ICS CERTid:ICSA-19-134-09

Trust: 2.8

db:NVDid:CVE-2019-6572

Trust: 2.8

db:BIDid:108412

Trust: 2.0

db:SIEMENSid:SSA-804486

Trust: 1.7

db:JVNDBid:JVNDB-2019-004632

Trust: 0.8

db:CNNVDid:CNNVD-201905-590

Trust: 0.7

db:ICS CERTid:ICSA-19-134-02

Trust: 0.6

db:AUSCERTid:ESB-2019.1716.2

Trust: 0.6

db:CNVDid:CNVD-2021-54367

Trust: 0.1

db:VULHUBid:VHN-158007

Trust: 0.1

sources: VULHUB: VHN-158007 // BID: 108412 // JVNDB: JVNDB-2019-004632 // CNNVD: CNNVD-201905-590 // NVD: CVE-2019-6572

REFERENCES

url:http://www.securityfocus.com/bid/108412

Trust: 2.9

url:https://www.us-cert.gov/ics/advisories/icsa-19-134-09

Trust: 2.5

url:https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-6572

Trust: 1.4

url:http://subscriber.communications.siemens.com/

Trust: 0.9

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-09

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6572

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-wincc-multiple-vulnerabilities-29288

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80946

Trust: 0.6

sources: VULHUB: VHN-158007 // BID: 108412 // JVNDB: JVNDB-2019-004632 // CNNVD: CNNVD-201905-590 // NVD: CVE-2019-6572

CREDITS

Siemens ProductCERT reported these vulnerabilities to NCCIC.,Siemens ProductCERT

Trust: 0.6

sources: CNNVD: CNNVD-201905-590

SOURCES

db:VULHUBid:VHN-158007
db:BIDid:108412
db:JVNDBid:JVNDB-2019-004632
db:CNNVDid:CNNVD-201905-590
db:NVDid:CVE-2019-6572

LAST UPDATE DATE

2024-08-14T13:26:20.995000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-158007date:2020-10-06T00:00:00
db:BIDid:108412date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-004632date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201905-590date:2020-10-28T00:00:00
db:NVDid:CVE-2019-6572date:2020-10-06T16:18:02.707

SOURCES RELEASE DATE

db:VULHUBid:VHN-158007date:2019-05-14T00:00:00
db:BIDid:108412date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-004632date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-590date:2019-05-14T00:00:00
db:NVDid:CVE-2019-6572date:2019-05-14T20:29:04.200