Executive Summary

Informations
NameCVE-2019-6575First vendor Publication2019-04-17
VendorCveLast vendor Modification2019-05-14

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score7.8Attack RangeNetwork
Cvss Impact Score6.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions >= V7.1), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions >= V2.5), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions), SINEC-NMS (All versions), SINEMA Server (All versions), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6575

CWE : Common Weakness Enumeration

%idName
100 %CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2
Application1
Application1
Application1
Application1
Application1
Application1
Application1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Os1
Os1
Os1
Os1
Os1
Os1
Os4
Os2
Os2
Os2

Sources (Detail)

SourceUrl
MISC https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2019-05-15 05:19:15
  • Multiple Updates
2019-04-19 21:19:32
  • Multiple Updates
2019-04-18 21:19:12
  • Multiple Updates
2019-04-17 21:19:25
  • First insertion