ID

VAR-201912-1176


CVE

CVE-2019-13945


TITLE

Siemens SIMATIC S7-1200 CPU Access vulnerability

Trust: 0.8

sources: IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f // CNVD: CNVD-2019-40513

DESCRIPTION

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. SIMATIC S7-1200 CPU family and S7-200 SMART CPU family Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. A security hole exists in the Siemens SIMATIC S7-1200 CPU. At the time of advisory publication no public exploitation of this security vulnerability was known

Trust: 3.06

sources: NVD: CVE-2019-13945 // JVNDB: JVNDB-2019-013306 // CNVD: CNVD-2019-40513 // CNVD: CNVD-2019-46387 // IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19 // IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19 // IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f // CNVD: CNVD-2019-40513 // CNVD: CNVD-2019-46387

AFFECTED PRODUCTS

vendor:siemensmodel:s7-1200 cpuscope: - version: -

Trust: 1.2

vendor:siemensmodel:simatic s7-200 smart cpu sr20scope:lteversion:2.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu st40scope:lteversion:2.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu sr30scope:lteversion:2.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu cr40scope:lteversion:2.2.2

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu st30scope:lteversion:2.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu sr60scope:lteversion:2.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu cr30sscope:lteversion:2.3.0

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu sr40scope:lteversion:2.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu cr60sscope:lteversion:2.3.0

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu cr40sscope:lteversion:2.3.0

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu cr60scope:lteversion:2.2.2

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu st20scope:lteversion:2.5.0

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu cr20sscope:lteversion:2.3.0

Trust: 1.0

vendor:siemensmodel:simatic s7-200 smart cpu st60scope:lteversion:2.5.0

Trust: 1.0

vendor:siemensmodel:s7-200 smartscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1200scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-200 smartscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-200 smart cpuscope: - version: -

Trust: 0.6

vendor:simatic s7 1200model: - scope:eqversion:*

Trust: 0.2

vendor:s7 200 smartmodel: - scope:eqversion:*

Trust: 0.2

vendor:siemensmodel:s7-1200 cpuscope:eqversion:*

Trust: 0.2

sources: IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19 // IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f // CNVD: CNVD-2019-40513 // CNVD: CNVD-2019-46387 // JVNDB: JVNDB-2019-013306 // NVD: CVE-2019-13945

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13945
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13945
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-40513
value: HIGH

Trust: 0.6

CNVD: CNVD-2019-46387
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-652
value: MEDIUM

Trust: 0.6

IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19
value: MEDIUM

Trust: 0.2

IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-13945
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-40513
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2019-46387
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13945
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13945
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19 // IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f // CNVD: CNVD-2019-40513 // CNVD: CNVD-2019-46387 // JVNDB: JVNDB-2019-013306 // CNNVD: CNNVD-201911-652 // NVD: CVE-2019-13945

PROBLEMTYPE DATA

problemtype:CWE-749

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-013306 // NVD: CVE-2019-13945

TYPE

other

Trust: 1.0

sources: IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19 // IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f // CNNVD: CNNVD-201911-652

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013306

PATCH

title:SSA-686531url:https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf

Trust: 0.8

title:Patch for Siemens SIMATIC S7-1200 CPU Access Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/189929

Trust: 0.6

title:Siemens SIMATIC S7-200 and S7-1200 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124059

Trust: 0.6

sources: CNVD: CNVD-2019-40513 // JVNDB: JVNDB-2019-013306 // CNNVD: CNNVD-201911-652

EXTERNAL IDS

db:NVDid:CVE-2019-13945

Trust: 3.2

db:SIEMENSid:SSA-686531

Trust: 2.2

db:ICS CERTid:ICSA-19-318-02

Trust: 1.2

db:CNVDid:CNVD-2019-46387

Trust: 0.8

db:CNNVDid:CNNVD-201911-652

Trust: 0.8

db:CNVDid:CNVD-2019-40513

Trust: 0.8

db:JVNDBid:JVNDB-2019-013306

Trust: 0.8

db:AUSCERTid:ESB-2019.4315

Trust: 0.6

db:IVDid:16F26ECD-5B01-4277-9A9C-D934C8DEFB19

Trust: 0.2

db:IVDid:E37402A9-F6CA-43BD-9AE6-72FFB6B98C6F

Trust: 0.2

sources: IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19 // IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f // CNVD: CNVD-2019-40513 // CNVD: CNVD-2019-46387 // JVNDB: JVNDB-2019-013306 // CNNVD: CNNVD-201911-652 // NVD: CVE-2019-13945

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13945

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-19-318-02

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13945

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-19-318-02

Trust: 0.6

url:https://vigilance.fr/vulnerability/siemens-simatic-s7-1200-privilege-escalation-via-diagnostic-functionality-30832

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4315/

Trust: 0.6

sources: CNVD: CNVD-2019-40513 // CNVD: CNVD-2019-46387 // JVNDB: JVNDB-2019-013306 // CNNVD: CNNVD-201911-652 // NVD: CVE-2019-13945

SOURCES

db:IVDid:16f26ecd-5b01-4277-9a9c-d934c8defb19
db:IVDid:e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f
db:CNVDid:CNVD-2019-40513
db:CNVDid:CNVD-2019-46387
db:JVNDBid:JVNDB-2019-013306
db:CNNVDid:CNNVD-201911-652
db:NVDid:CVE-2019-13945

LAST UPDATE DATE

2024-08-14T14:38:40.497000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-40513date:2019-11-14T00:00:00
db:CNVDid:CNVD-2019-46387date:2019-12-20T00:00:00
db:JVNDBid:JVNDB-2019-013306date:2019-12-25T00:00:00
db:CNNVDid:CNNVD-201911-652date:2020-10-10T00:00:00
db:NVDid:CVE-2019-13945date:2020-10-09T13:35:41.460

SOURCES RELEASE DATE

db:IVDid:16f26ecd-5b01-4277-9a9c-d934c8defb19date:2019-12-20T00:00:00
db:IVDid:e37402a9-f6ca-43bd-9ae6-72ffb6b98c6fdate:2019-11-14T00:00:00
db:CNVDid:CNVD-2019-40513date:2019-11-14T00:00:00
db:CNVDid:CNVD-2019-46387date:2019-12-20T00:00:00
db:JVNDBid:JVNDB-2019-013306date:2019-12-25T00:00:00
db:CNNVDid:CNNVD-201911-652date:2019-11-12T00:00:00
db:NVDid:CVE-2019-13945date:2019-12-12T14:15:15.133