ID

VAR-201908-1835


CVE

CVE-2019-10929


TITLE

SIMATICS7-1200 and SIMATICS7-1500CPU families Man-in-the-middle attack vulnerability

Trust: 0.8

sources: IVD: dd013399-7645-48ff-9360-e9388bbf86bb // CNVD: CNVD-2019-27647

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices. plural SIMATIC The product contains an access control vulnerability.Information may be tampered with. The Simatic S7-1200 CPU and Simatic S7-1500 CPU series are discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. A man-in-the-middle attack vulnerability exists in the SIMATICS7-1200 and SIMATICS7-1500CPU families. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication. Both Siemens SIMATIC S7-1500 CPU and Siemens SIMATIC S7-1200 are products of Siemens, Germany. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. Siemens SIMATIC S7-1200 is a S7-1200 series PLC (programmable logic controller). This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

Trust: 2.52

sources: NVD: CVE-2019-10929 // JVNDB: JVNDB-2019-008096 // CNVD: CNVD-2019-27647 // IVD: dd013399-7645-48ff-9360-e9388bbf86bb // VULHUB: VHN-142524 // VULMON: CVE-2019-10929

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: dd013399-7645-48ff-9360-e9388bbf86bb // CNVD: CNVD-2019-27647

AFFECTED PRODUCTS

vendor:siemensmodel:simatic hmi panelscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1211cscope:lteversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-plcsim advancedscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1215cscope:lteversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic winccscope:ltversion:16

Trust: 1.0

vendor:siemensmodel:simatic wincc open architecturescope:lteversion:3.15

Trust: 1.0

vendor:siemensmodel:simatic step 7scope:ltversion:16

Trust: 1.0

vendor:siemensmodel:simatic s7-1500scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic wincc open architecturescope:eqversion:3.16

Trust: 1.0

vendor:siemensmodel:simatic cp 1626scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic tim 1531 ircscope:ltversion:2.1

Trust: 1.0

vendor:siemensmodel:simatic et 200sp open controller cpu 1515sp pc2scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic wincc runtimescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214cscope:lteversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212cscope:lteversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et 200sp open controller cpu 1515sp pcscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic net pcscope:ltversion:16

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1217cscope:lteversion:4.0

Trust: 1.0

vendor:siemensmodel:simatic et 200 sp open controller cpu 1515sp pcscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic et 200 sp open controller cpu 1515sp pc2scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-1200 cpu 1211cscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-1200 cpu 1212cscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-1200 cpu 1214cscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-1200 cpu 1215cscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-1200 cpu 1217cscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-1500 cpu 1511cscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-1500 cpu 1512cscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-1500 cpu 1518scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-1500 software controllerscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-plcsim advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-1200 cpu familyscope:gteversion:v4.0

Trust: 0.6

vendor:siemensmodel:simatic et 200sp open controller cpu1515sp pcscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et 200sp open controller cpu1515sp pc2scope: - version: -

Trust: 0.6

vendor:simatic et 200sp open controller cpu 1515sp pcmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500 cpu 1512cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 plcsim advancedmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200sp open controller cpu 1515sp pc2model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1200 cpu 1211cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1200 cpu 1212cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1200 cpu 1214cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1200 cpu 1215cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1200 cpu 1217cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500 cpu 1518model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500 cpu 1511cmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: dd013399-7645-48ff-9360-e9388bbf86bb // CNVD: CNVD-2019-27647 // JVNDB: JVNDB-2019-008096 // NVD: CVE-2019-10929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10929
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-10929
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-27647
value: LOW

Trust: 0.6

CNNVD: CNNVD-201908-895
value: MEDIUM

Trust: 0.6

IVD: dd013399-7645-48ff-9360-e9388bbf86bb
value: MEDIUM

Trust: 0.2

VULHUB: VHN-142524
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-10929
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10929
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-27647
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: dd013399-7645-48ff-9360-e9388bbf86bb
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142524
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10929
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-10929
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: dd013399-7645-48ff-9360-e9388bbf86bb // CNVD: CNVD-2019-27647 // VULHUB: VHN-142524 // VULMON: CVE-2019-10929 // JVNDB: JVNDB-2019-008096 // CNNVD: CNNVD-201908-895 // NVD: CVE-2019-10929

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-327

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-142524 // JVNDB: JVNDB-2019-008096 // NVD: CVE-2019-10929

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-895

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-895

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008096

PATCH

title:SSA-232418url:https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf

Trust: 0.8

title:Patch for SIMATICS7-1200 and SIMATICS7-1500CPU families man-in-the-middle attack vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/175015

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=7a126d1ac7ee4b775c023b2d29df4c13

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=5ddd1615249b07f58d59e46a99a2022a

Trust: 0.1

title: - url:https://github.com/Esamgold/SIEMENS-S7-PLCs-attacks

Trust: 0.1

sources: CNVD: CNVD-2019-27647 // VULMON: CVE-2019-10929 // JVNDB: JVNDB-2019-008096

EXTERNAL IDS

db:NVDid:CVE-2019-10929

Trust: 3.4

db:ICS CERTid:ICSA-19-344-04

Trust: 2.6

db:SIEMENSid:SSA-232418

Trust: 2.4

db:SIEMENSid:SSA-273799

Trust: 1.8

db:CNNVDid:CNNVD-201908-895

Trust: 0.9

db:CNVDid:CNVD-2019-27647

Trust: 0.8

db:ICS CERTid:ICSA-19-344-06

Trust: 0.8

db:JVNDBid:JVNDB-2019-008096

Trust: 0.8

db:AUSCERTid:ESB-2019.4623

Trust: 0.6

db:IVDid:DD013399-7645-48FF-9360-E9388BBF86BB

Trust: 0.2

db:VULHUBid:VHN-142524

Trust: 0.1

db:VULMONid:CVE-2019-10929

Trust: 0.1

sources: IVD: dd013399-7645-48ff-9360-e9388bbf86bb // CNVD: CNVD-2019-27647 // VULHUB: VHN-142524 // VULMON: CVE-2019-10929 // JVNDB: JVNDB-2019-008096 // CNNVD: CNNVD-201908-895 // NVD: CVE-2019-10929

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-344-04

Trust: 3.2

url:https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-10929

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10929

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-344-06

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-19-344-04

Trust: 0.6

url:https://vigilance.fr/vulnerability/siemens-simatic-man-in-the-middle-via-102-tcp-31129

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-two-vulnerabilities-30052

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4623/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/327.html

Trust: 0.1

url:https://github.com/esamgold/siemens-s7-plcs-attacks

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-19-344-04

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111167

Trust: 0.1

sources: CNVD: CNVD-2019-27647 // VULHUB: VHN-142524 // VULMON: CVE-2019-10929 // JVNDB: JVNDB-2019-008096 // CNNVD: CNNVD-201908-895 // NVD: CVE-2019-10929

CREDITS

Eli Biham, Sara Bitan, and Alon Dankner from Faculty of Computer Science, Technion Haifa, reported this vulnerability to Siemens., Aviad Carmel

Trust: 0.6

sources: CNNVD: CNNVD-201908-895

SOURCES

db:IVDid:dd013399-7645-48ff-9360-e9388bbf86bb
db:CNVDid:CNVD-2019-27647
db:VULHUBid:VHN-142524
db:VULMONid:CVE-2019-10929
db:JVNDBid:JVNDB-2019-008096
db:CNNVDid:CNNVD-201908-895
db:NVDid:CVE-2019-10929

LAST UPDATE DATE

2024-08-14T15:23:01.632000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-27647date:2019-08-15T00:00:00
db:VULHUBid:VHN-142524date:2020-10-02T00:00:00
db:VULMONid:CVE-2019-10929date:2022-08-10T00:00:00
db:JVNDBid:JVNDB-2019-008096date:2019-12-11T00:00:00
db:CNNVDid:CNNVD-201908-895date:2022-08-11T00:00:00
db:NVDid:CVE-2019-10929date:2022-08-10T20:28:17.647

SOURCES RELEASE DATE

db:IVDid:dd013399-7645-48ff-9360-e9388bbf86bbdate:2019-08-15T00:00:00
db:CNVDid:CNVD-2019-27647date:2019-08-14T00:00:00
db:VULHUBid:VHN-142524date:2019-08-13T00:00:00
db:VULMONid:CVE-2019-10929date:2019-08-13T00:00:00
db:JVNDBid:JVNDB-2019-008096date:2019-08-26T00:00:00
db:CNNVDid:CNNVD-201908-895date:2019-08-13T00:00:00
db:NVDid:CVE-2019-10929date:2019-08-13T19:15:14.860