Details of VAR-201908-1838

ID

VAR-201908-1838

CVE

CVE-2019-10943

TITLE

plural SIMATIC Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008098

DESCRIPTION

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. plural SIMATIC The product contains an access control vulnerability.Information may be tampered with. The Simatic S7-1200 CPU and Simatic S7-1500 CPU series are discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. A man-in-the-middle attack vulnerability exists in the SIMATICS7-1200 and SIMATICS7-1500CPU families. A vulnerability has been identified in SIMATIC ET200SP (incl. No public exploitation of the vulnerability was known at the time of advisory publication. Both Siemens SIMATIC S7-1500 CPU and Siemens SIMATIC S7-1200 are products of Siemens, Germany. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. Siemens SIMATIC S7-1200 is a S7-1200 series PLC (programmable logic controller). This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

Trust: 2.43

sources: NVD: CVE-2019-10943 // JVNDB: JVNDB-2019-008098 // CNVD: CNVD-2019-27700 // IVD: f259ba44-659c-4896-9e72-76a889fc2aca // VULHUB: VHN-142540

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: f259ba44-659c-4896-9e72-76a889fc2aca // CNVD: CNVD-2019-27700

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-1500 cpu 1518	scope:	lt	version:	2.8.1	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	lt	version:	4.4	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1512c	scope:	lt	version:	2.8.1	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	lt	version:	4.4	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	lt	version:	20.8	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	lt	version:	4.4	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	lt	version:	4.4	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1511c	scope:	lt	version:	2.8.1	Trust: 1.0
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	lt	version:	4.4	Trust: 1.0
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc2	scope:	lt	version:	20.8	Trust: 1.0
vendor:	siemens	model:	simatic s7 plcsim advanced	scope:	lt	version:	3.0	Trust: 1.0
vendor:	siemens	model:	simatic et 200 sp open controller cpu 1515sp pc	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic et 200 sp open controller cpu 1515sp pc2	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500 cpu 1511c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500 cpu 1512c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500 cpu 1518	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 cpu family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-plcsim advanced	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 cpu family	scope:	gte	version:	v4.0	Trust: 0.6
vendor:	siemens	model:	simatic et 200sp open controller cpu1515sp pc	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic et 200sp open controller cpu1515sp pc2	scope:	-	version:	-	Trust: 0.6
vendor:	simatic et 200sp open controller cpu 1515sp pc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1500 cpu 1512c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1500	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 plcsim advanced	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic et 200sp open controller cpu 1515sp pc2	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1200 cpu 1211c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1200 cpu 1212c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1200 cpu 1214c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1200 cpu 1215c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1200 cpu 1217c	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1500 cpu 1518	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic s7 1500 cpu 1511c	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: f259ba44-659c-4896-9e72-76a889fc2aca // CNVD: CNVD-2019-27700 // JVNDB: JVNDB-2019-008098 // NVD: CVE-2019-10943

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10943
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10943
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-27700
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201908-899
value:	HIGH
Trust: 0.6
IVD:	f259ba44-659c-4896-9e72-76a889fc2aca
value:	HIGH
Trust: 0.2
VULHUB:	VHN-142540
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-10943
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-27700
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	f259ba44-659c-4896-9e72-76a889fc2aca
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-142540
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10943
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10943
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: f259ba44-659c-4896-9e72-76a889fc2aca // CNVD: CNVD-2019-27700 // VULHUB: VHN-142540 // JVNDB: JVNDB-2019-008098 // CNNVD: CNNVD-201908-899 // NVD: CVE-2019-10943

PROBLEMTYPE DATA

problemtype:	CWE-345	Trust: 1.1
problemtype:	CWE-353	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-142540 // JVNDB: JVNDB-2019-008098 // NVD: CVE-2019-10943

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-899

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201908-899

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008098

PATCH

title:	SSA-232418	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf	Trust: 0.8
title:	Patch for SIMATICS7-1200 and SIMATICS7-1500CPU families permission access vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/175779	Trust: 0.6

sources: CNVD: CNVD-2019-27700 // JVNDB: JVNDB-2019-008098

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10943	Trust: 3.3
db:	SIEMENS	id:	SSA-232418	Trust: 2.3
db:	ICS CERT	id:	ICSA-19-344-06	Trust: 1.4
db:	CNNVD	id:	CNNVD-201908-899	Trust: 0.9
db:	CNVD	id:	CNVD-2019-27700	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-008098	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.4621	Trust: 0.6
db:	IVD	id:	F259BA44-659C-4896-9E72-76A889FC2ACA	Trust: 0.2
db:	VULHUB	id:	VHN-142540	Trust: 0.1

sources: IVD: f259ba44-659c-4896-9e72-76a889fc2aca // CNVD: CNVD-2019-27700 // VULHUB: VHN-142540 // JVNDB: JVNDB-2019-008098 // CNNVD: CNNVD-201908-899 // NVD: CVE-2019-10943

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf	Trust: 2.3
url:	https://www.us-cert.gov/ics/advisories/icsa-19-344-06	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10943	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10943	Trust: 0.8
url:	https://vigilance.fr/vulnerability/simatic-two-vulnerabilities-30052	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4621/	Trust: 0.6

sources: CNVD: CNVD-2019-27700 // VULHUB: VHN-142540 // JVNDB: JVNDB-2019-008098 // CNNVD: CNNVD-201908-899 // NVD: CVE-2019-10943

SOURCES

db:	IVD	id:	f259ba44-659c-4896-9e72-76a889fc2aca
db:	CNVD	id:	CNVD-2019-27700
db:	VULHUB	id:	VHN-142540
db:	JVNDB	id:	JVNDB-2019-008098
db:	CNNVD	id:	CNNVD-201908-899
db:	NVD	id:	CVE-2019-10943

LAST UPDATE DATE

2024-08-14T15:23:01.595000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-27700	date:	2019-08-30T00:00:00
db:	VULHUB	id:	VHN-142540	date:	2020-10-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-008098	date:	2019-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201908-899	date:	2022-08-11T00:00:00
db:	NVD	id:	CVE-2019-10943	date:	2022-08-10T20:28:13.013

SOURCES RELEASE DATE

db:	IVD	id:	f259ba44-659c-4896-9e72-76a889fc2aca	date:	2019-08-15T00:00:00
db:	CNVD	id:	CNVD-2019-27700	date:	2019-08-15T00:00:00
db:	VULHUB	id:	VHN-142540	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-008098	date:	2019-08-26T00:00:00
db:	CNNVD	id:	CNNVD-201908-899	date:	2019-08-13T00:00:00
db:	NVD	id:	CVE-2019-10943	date:	2019-08-13T19:15:15.530