ID

VAR-201905-0114


CVE

CVE-2019-6576


TITLE

Cryptographic vulnerabilities in multiple SIMATIC products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004633

DESCRIPTION

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). An attacker with network access to affected devices could potentially obtain a TLS session key. If the attacker is able to observe TLS traffic between a legitimate user and the device, then the attacker could decrypt the TLS traffic. The security vulnerability could be exploited by an attacker who has network access to the web interface of the device and who is able to observe TLS traffic between legitimate users and the web interface of the affected device. The vulnerability could impact the confidentiality of the communication between the affected device and a legitimate user. At the time of advisory publication no public exploitation of the security vulnerability was known.

Multiple SIMATIC products contain cryptographic vulnerabilities. Information may be obtained.

Multiple Siemens products are prone to the following security vulnerabilities:
1. An information-disclosure vulnerability
2. A cross-site-scripting vulnerability
3. A security vulnerability
An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Siemens SIMATIC WinCC, etc. are all products of Siemens in Germany. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Siemens SIMATIC HMI Comfort Panels is a touch panel device. Siemens SIMATIC HMI Comfort Outdoor Panels is a touch panel device specially designed for outdoor use.

Trust: 1.98

sources: NVD: CVE-2019-6576 // JVNDB: JVNDB-2019-004633 // BID: 108412 // VULHUB: VHN-158011

AFFECTED PRODUCTS

vendor: siemens, model: simatic wincc, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi ktp mobile panels ktp400f, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi ktp mobile panels ktp900f, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi mp, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic wincc runtime, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi comfort panels, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi comfort outdoor panels, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi ktp mobile panels ktp900, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi ktp mobile panels ktp700, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi op, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic hmi ktp mobile panels ktp700f, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi tp, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic hmi comfort outdoor panels, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi comfort panels, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi ktp mobile panels ktp400f, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi ktp mobile panels ktp700, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi ktp mobile panels ktp700f, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi ktp mobile panels ktp900, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi ktp mobile panels ktp900f, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic wincc runtime advanced, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic wincc runtime professional, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic wincc runtime professional, scope: eq, version: 15.1

Trust: 0.3

vendor: siemens, model: simatic wincc runtime professional, scope: eq, version: 15

Trust: 0.3

vendor: siemens, model: simatic wincc runtime advanced, scope: eq, version: 15.1

Trust: 0.3

vendor: siemens, model: simatic wincc runtime advanced, scope: eq, version: 15

Trust: 0.3

vendor: siemens, model: simatic wincc, scope: eq, version: v15.1

Trust: 0.3

vendor: siemens, model: simatic wincc, scope: eq, version: v15

Trust: 0.3

vendor: siemens, model: simatic hmi ktp mobile panels, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: simatic hmi comfort panels, scope: eq, version: 15.1

Trust: 0.3

vendor: siemens, model: simatic hmi comfort panels, scope: eq, version: 15

Trust: 0.3

vendor: siemens, model: simatic hmi comfort outdoor panels, scope: eq, version: 15.1

Trust: 0.3

vendor: siemens, model: simatic hmi comfort outdoor panels, scope: eq, version: 15

Trust: 0.3

vendor: siemens, model: simatic hmi classic devices, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: simatic wincc runtime professional update, scope: ne, version: v15.11

Trust: 0.3

vendor: siemens, model: simatic wincc runtime advanced update, scope: ne, version: 15.11

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: ne, version: v15.11

Trust: 0.3

vendor: siemens, model: simatic hmi ktp mobile update, scope: ne, version: 15.11

Trust: 0.3

vendor: siemens, model: simatic hmi comfort panels update, scope: ne, version: 15.11

Trust: 0.3

vendor: siemens, model: simatic hmi comfort outdoor panels update, scope: ne, version: 15.11

Trust: 0.3

sources: BID: 108412 // JVNDB: JVNDB-2019-004633 // NVD: CVE-2019-6576

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6576
value: HIGH

Trust: 1.0

NVD: CVE-2019-6576
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-589
value: HIGH

Trust: 0.6

VULHUB: VHN-158011
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6576
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158011
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6576
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-158011 // JVNDB: JVNDB-2019-004633 // CNNVD: CNNVD-201905-589 // NVD: CVE-2019-6576

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-158011 // JVNDB: JVNDB-2019-004633 // NVD: CVE-2019-6576

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-589

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-589

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004633

PATCH

title: SSA-804486, url: https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf

Trust: 0.8

title: Siemens SIMATIC Panels and WinCC Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92739

Trust: 0.6

sources: JVNDB: JVNDB-2019-004633 // CNNVD: CNNVD-201905-589

EXTERNAL IDS

db: ICS CERT, id: ICSA-19-134-09

Trust: 2.8

db: NVD, id: CVE-2019-6576

Trust: 2.8

db: BID, id: 108412

Trust: 2.0

db: SIEMENS, id: SSA-804486

Trust: 1.7

db: JVNDB, id: JVNDB-2019-004633

Trust: 0.8

db: CNNVD, id: CNNVD-201905-589

Trust: 0.7

db: ICS CERT, id: ICSA-19-134-02

Trust: 0.6

db: AUSCERT, id: ESB-2019.1716.2

Trust: 0.6

db: CNVD, id: CNVD-2021-54366

Trust: 0.1

db: VULHUB, id: VHN-158011

Trust: 0.1

sources: VULHUB: VHN-158011 // BID: 108412 // JVNDB: JVNDB-2019-004633 // CNNVD: CNNVD-201905-589 // NVD: CVE-2019-6576

REFERENCES

url:http://www.securityfocus.com/bid/108412

Trust: 2.3

url:https://www.us-cert.gov/ics/advisories/icsa-19-134-09

Trust: 1.9

url:https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-6576

Trust: 1.4

url:http://subscriber.communications.siemens.com/

Trust: 0.9

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-09

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6576

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-wincc-multiple-vulnerabilities-29288

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80946

Trust: 0.6

sources: VULHUB: VHN-158011 // BID: 108412 // JVNDB: JVNDB-2019-004633 // CNNVD: CNNVD-201905-589 // NVD: CVE-2019-6576

CREDITS

Siemens ProductCERT reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201905-589

SOURCES

db: VULHUB, id: VHN-158011
db: BID, id: 108412
db: JVNDB, id: JVNDB-2019-004633
db: CNNVD, id: CNNVD-201905-589
db: NVD, id: CVE-2019-6576

LAST UPDATE DATE

2024-08-14T13:26:21.814000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158011, date: 2019-05-22T00:00:00
db: BID, id: 108412, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2019-004633, date: 2019-07-09T00:00:00
db: CNNVD, id: CNNVD-201905-589, date: 2019-06-20T00:00:00
db: NVD, id: CVE-2019-6576, date: 2019-05-22T16:29:01.680

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158011, date: 2019-05-14T00:00:00
db: BID, id: 108412, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2019-004633, date: 2019-06-05T00:00:00
db: CNNVD, id: CNNVD-201905-589, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2019-6576, date: 2019-05-14T20:29:04.560