Details of VAR-201908-1835

ID

VAR-201908-1835

CVE

CVE-2019-10929

TITLE

SIMATICS7-1200 and SIMATICS7-1500CPU families Man-in-the-middle attack vulnerability

Trust: 0.8

sources: IVD: dd013399-7645-48ff-9360-e9388bbf86bb // CNVD: CNVD-2019-27647

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices. plural SIMATIC The product contains an access control vulnerability.Information may be tampered with. The Simatic S7-1200 CPU and Simatic S7-1500 CPU series are discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. A man-in-the-middle attack vulnerability exists in the SIMATICS7-1200 and SIMATICS7-1500CPU families. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication. Both Siemens SIMATIC S7-1500 CPU and Siemens SIMATIC S7-1200 are products of Siemens, Germany. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. Siemens SIMATIC S7-1200 is a S7-1200 series PLC (programmable logic controller). This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

Trust: 2.52

sources: NVD: CVE-2019-10929 // JVNDB: JVNDB-2019-008096 // CNVD: CNVD-2019-27647 // IVD: dd013399-7645-48ff-9360-e9388bbf86bb // VULHUB: VHN-142524 // VULMON: CVE-2019-10929

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: dd013399-7645-48ff-9360-e9388bbf86bb // CNVD: CNVD-2019-27647

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic hmi panel	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	lte	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-plcsim advanced	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	lte	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1512c	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic wincc	scope:	lt	version:	16	Trust: 1.0
vendor:	siemens	model:	simatic wincc open architecture	scope:	lte	version:	3.15	Trust: 1.0
vendor:	siemens	model:	simatic step 7	scope:	lt	version:	16	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic wincc open architecture	scope:	eq	version:	3.16	Trust: 1.0
vendor:	siemens	model:	simatic cp 1626	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic tim 1531 irc	scope:	lt	version:	2.1	Trust: 1.0
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic wincc runtime	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1511c	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	lte	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	lte	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1518	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic net pc	scope:	lt	version:	16	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	lte	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic et 200 sp open controller cpu 1515sp pc	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic et 200 sp open controller cpu 1515sp pc2	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500 cpu 1511c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500 cpu 1512c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500 cpu 1518	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 cpu family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-plcsim advanced	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 cpu family	scope:	gte	version:	v4.0	Trust: 0.6
vendor:	siemens	model:	simatic et 200sp open controller cpu1515sp pc	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic et 200sp open controller cpu1515sp pc2	scope:	-	version:	-	Trust: 0.6
vendor:	simatic et 200sp open controller cpu 1515sp pc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1500 cpu 1512c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1500	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 plcsim advanced	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic et 200sp open controller cpu 1515sp pc2	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1200 cpu 1211c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1200 cpu 1212c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1200 cpu 1214c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1200 cpu 1215c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1200 cpu 1217c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1500 cpu 1518	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1500 cpu 1511c	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: dd013399-7645-48ff-9360-e9388bbf86bb // CNVD: CNVD-2019-27647 // JVNDB: JVNDB-2019-008096 // NVD: CVE-2019-10929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10929
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-10929
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-27647
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201908-895
value:	MEDIUM
Trust: 0.6
IVD:	dd013399-7645-48ff-9360-e9388bbf86bb
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-142524
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-10929
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-10929
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-27647
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	dd013399-7645-48ff-9360-e9388bbf86bb
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-142524
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10929
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10929
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: dd013399-7645-48ff-9360-e9388bbf86bb // CNVD: CNVD-2019-27647 // VULHUB: VHN-142524 // VULMON: CVE-2019-10929 // JVNDB: JVNDB-2019-008096 // CNNVD: CNNVD-201908-895 // NVD: CVE-2019-10929

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-327	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-142524 // JVNDB: JVNDB-2019-008096 // NVD: CVE-2019-10929

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-895

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-895

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008096

PATCH

title:	SSA-232418	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf	Trust: 0.8
title:	Patch for SIMATICS7-1200 and SIMATICS7-1500CPU families man-in-the-middle attack vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/175015	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=7a126d1ac7ee4b775c023b2d29df4c13	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=5ddd1615249b07f58d59e46a99a2022a	Trust: 0.1
title:	-	url:	https://github.com/Esamgold/SIEMENS-S7-PLCs-attacks	Trust: 0.1

sources: CNVD: CNVD-2019-27647 // VULMON: CVE-2019-10929 // JVNDB: JVNDB-2019-008096

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10929	Trust: 3.4
db:	ICS CERT	id:	ICSA-19-344-04	Trust: 2.6
db:	SIEMENS	id:	SSA-232418	Trust: 2.4
db:	SIEMENS	id:	SSA-273799	Trust: 1.8
db:	CNNVD	id:	CNNVD-201908-895	Trust: 0.9
db:	CNVD	id:	CNVD-2019-27647	Trust: 0.8
db:	ICS CERT	id:	ICSA-19-344-06	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-008096	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.4623	Trust: 0.6
db:	IVD	id:	DD013399-7645-48FF-9360-E9388BBF86BB	Trust: 0.2
db:	VULHUB	id:	VHN-142524	Trust: 0.1
db:	VULMON	id:	CVE-2019-10929	Trust: 0.1

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-344-04	Trust: 3.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf	Trust: 2.4
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10929	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10929	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-19-344-06	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-19-344-04	Trust: 0.6
url:	https://vigilance.fr/vulnerability/siemens-simatic-man-in-the-middle-via-102-tcp-31129	Trust: 0.6
url:	https://vigilance.fr/vulnerability/simatic-two-vulnerabilities-30052	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4623/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/327.html	Trust: 0.1
url:	https://github.com/esamgold/siemens-s7-plcs-attacks	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-19-344-04	Trust: 0.1
url:	https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111167	Trust: 0.1

sources: CNVD: CNVD-2019-27647 // VULHUB: VHN-142524 // VULMON: CVE-2019-10929 // JVNDB: JVNDB-2019-008096 // CNNVD: CNNVD-201908-895 // NVD: CVE-2019-10929

CREDITS

Eli Biham, Sara Bitan, and Alon Dankner from Faculty of Computer Science, Technion Haifa, reported this vulnerability to Siemens., Aviad Carmel

Trust: 0.6

sources: CNNVD: CNNVD-201908-895

SOURCES

db:	IVD	id:	dd013399-7645-48ff-9360-e9388bbf86bb
db:	CNVD	id:	CNVD-2019-27647
db:	VULHUB	id:	VHN-142524
db:	VULMON	id:	CVE-2019-10929
db:	JVNDB	id:	JVNDB-2019-008096
db:	CNNVD	id:	CNNVD-201908-895
db:	NVD	id:	CVE-2019-10929

LAST UPDATE DATE

2024-08-14T15:23:01.632000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-27647	date:	2019-08-15T00:00:00
db:	VULHUB	id:	VHN-142524	date:	2020-10-02T00:00:00
db:	VULMON	id:	CVE-2019-10929	date:	2022-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-008096	date:	2019-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201908-895	date:	2022-08-11T00:00:00
db:	NVD	id:	CVE-2019-10929	date:	2022-08-10T20:28:17.647

SOURCES RELEASE DATE

db:	IVD	id:	dd013399-7645-48ff-9360-e9388bbf86bb	date:	2019-08-15T00:00:00
db:	CNVD	id:	CNVD-2019-27647	date:	2019-08-14T00:00:00
db:	VULHUB	id:	VHN-142524	date:	2019-08-13T00:00:00
db:	VULMON	id:	CVE-2019-10929	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-008096	date:	2019-08-26T00:00:00
db:	CNNVD	id:	CNNVD-201908-895	date:	2019-08-13T00:00:00
db:	NVD	id:	CVE-2019-10929	date:	2019-08-13T19:15:14.860