Details of VAR-201912-1176

ID

VAR-201912-1176

CVE

CVE-2019-13945

TITLE

Siemens SIMATIC S7-1200 CPU Access vulnerability

Trust: 0.8

sources: IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f // CNVD: CNVD-2019-40513

DESCRIPTION

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. SIMATIC S7-1200 CPU family and S7-200 SMART CPU family Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. A security hole exists in the Siemens SIMATIC S7-1200 CPU. At the time of advisory publication no public exploitation of this security vulnerability was known

Trust: 3.06

sources: NVD: CVE-2019-13945 // JVNDB: JVNDB-2019-013306 // CNVD: CNVD-2019-40513 // CNVD: CNVD-2019-46387 // IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19 // IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f

IOT TAXONOMY

category:	['ICS']	sub_category:	-	Trust: 1.0
category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6

sources: IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19 // IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f // CNVD: CNVD-2019-40513 // CNVD: CNVD-2019-46387

AFFECTED PRODUCTS

vendor:	siemens	model:	s7-1200 cpu	scope:	-	version:	-	Trust: 1.2
vendor:	siemens	model:	simatic s7-200 smart cpu sr20	scope:	lte	version:	2.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu st40	scope:	lte	version:	2.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu sr30	scope:	lte	version:	2.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu cr40	scope:	lte	version:	2.2.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu st30	scope:	lte	version:	2.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu sr60	scope:	lte	version:	2.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu cr30s	scope:	lte	version:	2.3.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu sr40	scope:	lte	version:	2.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu cr60s	scope:	lte	version:	2.3.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu cr40s	scope:	lte	version:	2.3.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu cr60	scope:	lte	version:	2.2.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu st20	scope:	lte	version:	2.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu cr20s	scope:	lte	version:	2.3.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-200 smart cpu st60	scope:	lte	version:	2.5.0	Trust: 1.0
vendor:	siemens	model:	s7-200 smart	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-200 smart	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-200 smart cpu	scope:	-	version:	-	Trust: 0.6
vendor:	simatic s7 1200	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	s7 200 smart	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	siemens	model:	s7-1200 cpu	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19 // IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f // CNVD: CNVD-2019-40513 // CNVD: CNVD-2019-46387 // JVNDB: JVNDB-2019-013306 // NVD: CVE-2019-13945

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13945
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-13945
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-40513
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2019-46387
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201911-652
value:	MEDIUM
Trust: 0.6
IVD:	16f26ecd-5b01-4277-9a9c-d934c8defb19
value:	MEDIUM
Trust: 0.2
IVD:	e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2019-13945
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-40513
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2019-46387
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	16f26ecd-5b01-4277-9a9c-d934c8defb19
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-13945
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-13945
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

PROBLEMTYPE DATA

problemtype:	CWE-749	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2019-013306 // NVD: CVE-2019-13945

TYPE

other

Trust: 1.0

sources: IVD: 16f26ecd-5b01-4277-9a9c-d934c8defb19 // IVD: e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f // CNNVD: CNNVD-201911-652

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013306

PATCH

title:	SSA-686531	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC S7-1200 CPU Access Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/189929	Trust: 0.6
title:	Siemens SIMATIC S7-200 and S7-1200 Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124059	Trust: 0.6

sources: CNVD: CNVD-2019-40513 // JVNDB: JVNDB-2019-013306 // CNNVD: CNNVD-201911-652

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13945	Trust: 3.2
db:	SIEMENS	id:	SSA-686531	Trust: 2.2
db:	ICS CERT	id:	ICSA-19-318-02	Trust: 1.2
db:	CNVD	id:	CNVD-2019-46387	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-652	Trust: 0.8
db:	CNVD	id:	CNVD-2019-40513	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013306	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.4315	Trust: 0.6
db:	IVD	id:	16F26ECD-5B01-4277-9A9C-D934C8DEFB19	Trust: 0.2
db:	IVD	id:	E37402A9-F6CA-43BD-9AE6-72FFB6B98C6F	Trust: 0.2

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13945	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsa-19-318-02	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13945	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-19-318-02	Trust: 0.6
url:	https://vigilance.fr/vulnerability/siemens-simatic-s7-1200-privilege-escalation-via-diagnostic-functionality-30832	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4315/	Trust: 0.6

sources: CNVD: CNVD-2019-40513 // CNVD: CNVD-2019-46387 // JVNDB: JVNDB-2019-013306 // CNNVD: CNNVD-201911-652 // NVD: CVE-2019-13945

SOURCES

db:	IVD	id:	16f26ecd-5b01-4277-9a9c-d934c8defb19
db:	IVD	id:	e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f
db:	CNVD	id:	CNVD-2019-40513
db:	CNVD	id:	CNVD-2019-46387
db:	JVNDB	id:	JVNDB-2019-013306
db:	CNNVD	id:	CNNVD-201911-652
db:	NVD	id:	CVE-2019-13945

LAST UPDATE DATE

2024-08-14T14:38:40.497000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-40513	date:	2019-11-14T00:00:00
db:	CNVD	id:	CNVD-2019-46387	date:	2019-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-013306	date:	2019-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201911-652	date:	2020-10-10T00:00:00
db:	NVD	id:	CVE-2019-13945	date:	2020-10-09T13:35:41.460

SOURCES RELEASE DATE

db:	IVD	id:	16f26ecd-5b01-4277-9a9c-d934c8defb19	date:	2019-12-20T00:00:00
db:	IVD	id:	e37402a9-f6ca-43bd-9ae6-72ffb6b98c6f	date:	2019-11-14T00:00:00
db:	CNVD	id:	CNVD-2019-40513	date:	2019-11-14T00:00:00
db:	CNVD	id:	CNVD-2019-46387	date:	2019-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-013306	date:	2019-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201911-652	date:	2019-11-12T00:00:00
db:	NVD	id:	CVE-2019-13945	date:	2019-12-12T14:15:15.133