admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE updates for Siemens-AD-2019-10

Browse Source
This commit is contained in:
Siemens ProductCERT 2019-10-10 12:15:35 +02:00
parent 56f83144be
commit 4e6e8e13f0
10 changed files with 1040 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
2018/4xxx/CVE-2018-4843.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-4843",
"STATE": "PUBLIC"
},
"data_version": "4.0",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-4843",
"ASSIGNER": "productcert@siemens.com"
},
"cve_id": "CVE-2018-4843",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
@ -125,11 +125,11 @@
}
},
{
"product_name": "SIMATIC WinAC RTX 2010 incl. F",
"product_name": "SIMATIC WinAC RTX (F) 2010",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < SIMATIC WinAC RTX 2010 SP3"
}
]
}
@ -166,7 +166,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
"value": "Improper Input Validation"
}
]
}
@ -175,9 +175,7 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
}
]
},
@ -185,7 +183,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions < V3.X.16), SIMATIC S7-400 H V6 (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected."
"value": "A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions < V3.X.16), SIMATIC S7-400 H V6 (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system.\n\nThe security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected."
}
]
}

13
2019/10xxx/CVE-2019-10916.json
View File

@ -69,7 +69,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V14 SP1 Upd 9"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V15.1 Upd 3"
}
]
}
@ -99,7 +99,7 @@
"version": {
"version_data": [
{
"version_value": "All versions < V14.1 Upd 11"
"version_value": "All versions < V14.1 Upd 8"
}
]
}
@ -175,9 +175,8 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
},
@ -185,7 +184,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 11), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server.\n\nThe vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}

13
2019/10xxx/CVE-2019-10917.json
View File

@ -69,7 +69,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V14 SP1 Upd 9"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V15.1 Upd 3"
}
]
}
@ -99,7 +99,7 @@
"version": {
"version_data": [
{
"version_value": "All versions < V14.1 Upd 11"
"version_value": "All versions < V14.1 Upd 8"
}
]
}
@ -175,9 +175,8 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
},
@ -185,7 +184,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 11), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded.\n\nSuccessful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}

13
2019/10xxx/CVE-2019-10918.json
View File

@ -69,7 +69,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V14 SP1 Upd 9"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V15.1 Upd 3"
}
]
}
@ -99,7 +99,7 @@
"version": {
"version_data": [
{
"version_value": "All versions < V14.1 Upd 11"
"version_value": "All versions < V14.1 Upd 8"
}
]
}
@ -175,9 +175,8 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
},
@ -185,7 +184,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 11), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges.\n\nThe vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}

365
2019/10xxx/CVE-2019-10923.json
View File

@ -1,17 +1,370 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10923",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "CP1604",
"version": {
"version_data": [
{
"version_value": "All versions < V2.8"
}
]
}
},
{
"product_name": "CP1616",
"version": {
"version_data": [
{
"version_value": "All versions < V2.8"
}
]
}
},
{
"product_name": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.1 Patch 05"
}
]
}
},
{
"product_name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
"version": {
"version_data": [
{
"version_value": "All versions < V4.5.0 Patch 01"
}
]
}
},
{
"product_name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
"version": {
"version_data": [
{
"version_value": "All versions < V4.5.0"
}
]
}
},
{
"product_name": "SCALANCE X-200IRT",
"version": {
"version_data": [
{
"version_value": "All versions < V5.2.1"
}
]
}
},
{
"product_name": "SIMATIC ET 200M",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200S",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200pro",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-300 CPU family (incl. F)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 (incl. F) V6 and below",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinAC RTX (F) 2010",
"version": {
"version_data": [
{
"version_value": "All versions < SIMATIC WinAC RTX 2010 SP3"
}
]
}
},
{
"product_name": "SIMOTION",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS DCM",
"version": {
"version_data": [
{
"version_value": "All versions < V1.5 HF1"
}
]
}
},
{
"product_name": "SINAMICS DCP",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G110M V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 SP10 HF5"
}
]
}
},
{
"product_name": "SINAMICS G120 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 SP10 HF5"
}
]
}
},
{
"product_name": "SINAMICS G130 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 HF29"
}
]
}
},
{
"product_name": "SINAMICS G150 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.8"
}
]
}
},
{
"product_name": "SINAMICS GH150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GL150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GM150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S110 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S120 V4.7 (Control Unit and CBE20)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 HF34"
}
]
}
},
{
"product_name": "SINAMICS S150 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.8"
}
]
}
},
{
"product_name": "SINAMICS SL150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SM120 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK 828D",
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 SP5"
}
]
}
},
{
"product_name": "SINUMERIK 840D sl",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < V4.7 HF29), SINAMICS G150 (Control Unit) (All versions < V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions < V4.7 HF34), SINAMICS S150 (Control Unit) (All versions < V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation.\n\nThe security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations."
}
]
}

13
2019/10xxx/CVE-2019-10935.json
View File

@ -69,7 +69,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V14 SP1 Upd 9"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V15.1 Upd 3"
}
]
}
@ -99,7 +99,7 @@
"version": {
"version_data": [
{
"version_value": "All versions < V14 SP1 Upd 8"
"version_value": "All versions < V14.1 Upd 8"
}
]
}
@ -175,9 +175,8 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
}
]
},
@ -185,7 +184,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions), SIMATIC WinCC Professional (TIA Portal V15) (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code.\n\nThe security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device.\n\nAt the stage of publishing this security advisory no public exploitation is known."
}
]
}

525
2019/10xxx/CVE-2019-10936.json
View File

@ -1,17 +1,530 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC CFU PA",
"version": {
"version_data": [
{
"version_value": "All versions < V1.2.0"
}
]
}
},
{
"product_name": "SIMATIC ET 200AL",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200M",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200MP IM 155-5 PN BA",
"version": {
"version_data": [
{
"version_value": "All versions < V4.2.3"
}
]
}
},
{
"product_name": "SIMATIC ET 200MP IM 155-5 PN HF",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200MP IM 155-5 PN ST",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200S",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN BA",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN HA",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN HF",
"version": {
"version_data": [
{
"version_value": "All versions < V4.2.2"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN HS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN ST",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN/2 HF",
"version": {
"version_data": [
{
"version_value": "All versions < V4.2.2"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN/3 HF",
"version": {
"version_data": [
{
"version_value": "All versions < V4.2.1"
}
]
}
},
{
"product_name": "SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200pro",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PN/PN Coupler",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PROFINET Driver",
"version": {
"version_data": [
{
"version_value": "All versions < V2.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family (incl. F)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. F)",
"version": {
"version_data": [
{
"version_value": "All versions < V2.0"
}
]
}
},
{
"product_name": "SIMATIC S7-300 CPU family (incl. F)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 V6 (incl F) and below",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400H V6",
"version": {
"version_data": [
{
"version_value": "All versions < V6.0.9"
}
]
}
},
{
"product_name": "SIMATIC S7-410 V8",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinAC RTX (F) 2010",
"version": {
"version_data": [
{
"version_value": "All versions < SIMATIC WinAC RTX 2010 SP3"
}
]
}
},
{
"product_name": "SINAMICS DCM",
"version": {
"version_data": [
{
"version_value": "All versions < V1.5 HF1"
}
]
}
},
{
"product_name": "SINAMICS DCP",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G110M V4.7 (PN Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 SP10 HF5"
}
]
}
},
{
"product_name": "SINAMICS G120 V4.7 (PN Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 SP10 HF5"
}
]
}
},
{
"product_name": "SINAMICS G130 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G150 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GH150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GL150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GM150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S110 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S120 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S150 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SL150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SM120 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK 828D",
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 SP5"
}
]
}
},
{
"product_name": "SINUMERIK 840D sl",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.2.3), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G150 (Control Unit) (All versions), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}

61
2019/13xxx/CVE-2019-13921.json Normal file
View File

@ -0,0 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-13921",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC WinAC RTX (F) 2010",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-410: Insufficient Resource Pool"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}

61
2019/13xxx/CVE-2019-13929.json Normal file
View File

@ -0,0 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-13929",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC IT UADM",
"version": {
"version_data": [
{
"version_value": "All versions < V1.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station.\n\nThe security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}

14
2019/6xxx/CVE-2019-6568.json
View File

@ -285,11 +285,11 @@
}
},
{
"product_name": "SIMATIC WinAC RTX 2010",
"product_name": "SIMATIC WinAC RTX (F) 2010",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < SIMATIC WinAC RTX 2010 SP3"
}
]
}
@ -644,15 +644,9 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
}
]
},
@ -660,7 +654,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (All versions < V2.1.6), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC RF181-EIP (All versions), SIMATIC RF182C (All versions), SIMATIC RF185C (All versions < V1.1.0), SIMATIC RF186C (All versions < V1.1.0), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (All versions < V2.6.1), SIMATIC S7-1500 Software Controller (All versions < V2.7), SIMATIC S7-300 CPU family (All versions < V3.X.16), SIMATIC S7-400 PN (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V2.0 SP1 UPD1), SIMATIC Teleservice Adapter IE Advanced (All versions), SIMATIC Teleservice Adapter IE Basic (All versions), SIMATIC Teleservice Adapter IE Standard (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIMOCODE pro V EIP (All versions), SIMOCODE pro V PN (All versions), SINAMICS G130 V4.6 (Control Unit) (All versions), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G130 V4.7 SP1 (Control Unit) (All versions), SINAMICS G130 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G130 V5.1 (Control Unit) (All versions), SINAMICS G130 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS G150 V4.6 (Control Unit) (All versions), SINAMICS G150 V4.7 (Control Unit) (All versions), SINAMICS G150 V4.7 SP1 (Control Unit) (All versions), SINAMICS G150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G150 V5.1 (Control Unit) (All versions), SINAMICS G150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S120 V4.6 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S120 V4.7 SP1 (Control Unit) (All versions), SINAMICS S120 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S120 V5.1 (Control Unit) (All versions), SINAMICS S120 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S150 V4.6 (Control Unit) (All versions), SINAMICS S150 V4.7 (Control Unit) (All versions), SINAMICS S150 V4.7 SP1 (Control Unit) (All versions), SINAMICS S150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S150 V5.1 (Control Unit) (All versions), SINAMICS S150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S210 V5.1 (Control Unit) (All versions), SINAMICS S210 V5.1 SP1 (Control Unit) (All versions), SITOP Manager (All versions), SITOP PSU8600 (All versions), SITOP UPS1600 (All versions), TIM 1531 IRC (All versions). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (All versions < V2.1.6), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC RF181-EIP (All versions), SIMATIC RF182C (All versions), SIMATIC RF185C (All versions < V1.1.0), SIMATIC RF186C (All versions < V1.1.0), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (All versions < V2.6.1), SIMATIC S7-1500 Software Controller (All versions < V2.7), SIMATIC S7-300 CPU family (All versions < V3.X.16), SIMATIC S7-400 PN (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V2.0 SP1 UPD1), SIMATIC Teleservice Adapter IE Advanced (All versions), SIMATIC Teleservice Adapter IE Basic (All versions), SIMATIC Teleservice Adapter IE Standard (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMATIC WinCC Runtime Advanced (All versions), SIMOCODE pro V EIP (All versions), SIMOCODE pro V PN (All versions), SINAMICS G130 V4.6 (Control Unit) (All versions), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G130 V4.7 SP1 (Control Unit) (All versions), SINAMICS G130 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G130 V5.1 (Control Unit) (All versions), SINAMICS G130 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS G150 V4.6 (Control Unit) (All versions), SINAMICS G150 V4.7 (Control Unit) (All versions), SINAMICS G150 V4.7 SP1 (Control Unit) (All versions), SINAMICS G150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G150 V5.1 (Control Unit) (All versions), SINAMICS G150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S120 V4.6 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S120 V4.7 SP1 (Control Unit) (All versions), SINAMICS S120 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S120 V5.1 (Control Unit) (All versions), SINAMICS S120 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S150 V4.6 (Control Unit) (All versions), SINAMICS S150 V4.7 (Control Unit) (All versions), SINAMICS S150 V4.7 SP1 (Control Unit) (All versions), SINAMICS S150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S150 V5.1 (Control Unit) (All versions), SINAMICS S150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S210 V5.1 (Control Unit) (All versions), SINAMICS S210 V5.1 SP1 (Control Unit) (All versions), SITOP Manager (All versions), SITOP PSU8600 (All versions), SITOP UPS1600 (All versions), TIM 1531 IRC (All versions). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}