CVE-2019-13940

Published Feb 11, 2020

Last updated a year ago

CVSS high 7.5

Overview

Description: A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition.
Source: productcert@siemens.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

productcert@siemens.com: CWE-400
nvd@nist.gov: CWE-400

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9437AAD-4048-40DD-9744-E1D6D674F6E0",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1211c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "61C1E689-5C2F-4EA6-8908-F4DE80F0DC15"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3819941-7F6C-44F0-A91D-76AA0EF80108",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1212c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F64C2324-903C-4D44-A882-DAFAC6D72A41"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1E3D84C-3367-4B6F-BF7C-DD4D2C91D79A",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1214c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4C0D9EA6-F503-4EF3-A59E-E9DD27194C6D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DC7EE33-D833-4D19-82B7-02D0A8DA99C5",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1215c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1885A3FE-DB40-47B7-AC89-1D778F702E2A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "057D3C0B-19CB-4CEE-9CE1-75F1E2B9F7B6",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1217c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C66C66F8-8A06-4BA0-A2E2-82889778C0FA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21ACBE3A-6B9B-47E0-AF50-95E5FF17F811",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "44D5089B-413A-4829-A035-8E2852C41291"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1214fc_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A80C325-BA66-413E-AB52-E75AE78E14B9",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1214fc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "72240379-74FC-4C3C-A31B-BFEEADB8FFFD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1215fc_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23DD97D0-C6DC-4745-AA0A-1F636B5B805C",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1215fc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B3B5BEF3-84FF-4D05-A010-94A8E2593E2E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:siplus_s7-1200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5091C8D1-D15F-4632-95B9-5D7811CE6554",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:siplus_s7-1200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "108670FB-BE27-4961-8CCB-07E1FF93624D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:siplus_cpu_1211c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B091889A-AC6B-4301-815C-530F1D6D5238",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:siplus_cpu_1211c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "658D85DE-D124-4452-8540-D0A165FF79EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:siplus_cpu_1212c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB20B434-8AA7-4DFC-9C7B-2C778C54D9D3",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:siplus_cpu_1212c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ED7AE1F6-A1D2-40AF-BDDD-5D3913D75833"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:siplus_cpu_1214c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D4C79E6-052B-47F2-BCDA-D8A792B7D0EE",
            "versionEndIncluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:siplus_cpu_1214c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC520E65-87BF-41FB-BE5B-0D309F42FD50"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:siplus_cpu_1215c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C742F31E-66A8-4781-A4EF-881C4E45190E",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:siplus_cpu_1215c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "889E0984-9116-4928-ABD0-12FC92079B22"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3143965-3A6D-4EFD-9DF4-A341DFE0E922"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2dp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A1557AE-0F0A-4EA8-AE26-779E8C98336F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2dp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CEB6DA13-FD4E-4168-A08A-00547E656CA1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4309A70D-5C4C-4F03-A5C6-1735AEE0E410"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A773F92D-E5C0-4B51-8214-19BFE6BC7638"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0B56C44-3148-4612-9543-9F96DF0142A6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_dp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7593F136-F558-4C3D-8429-5141A621981B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3677E3F-ABFE-4D77-96CF-68E58FF45CF1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\\/dp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A340DA65-BA46-4F72-8951-93135F9F6602"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3143965-3A6D-4EFD-9DF4-A341DFE0E922"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B922AD6-819B-4D7F-A31A-E4D39CE8DC6A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_314:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "88F00AE1-D55A-4C7C-A421-2B89BDFE4C9D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A94629F5-6569-406C-8E8E-990F2E21B0A0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7D038857-CED3-4312-9B86-36DC10A0398F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_315-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B093DE9C-1E39-4CF3-89B9-6A2B678A477E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1FC6FF34-3155-4CF8-88D5-4EAE00B32163"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_317-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3844D023-F67B-41B4-8B9E-EAF8B79E9209"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_317-2_pn\\/dp:v6:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4A5CDFEA-E5F2-419F-A1B3-D98C44D38D84"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_cpu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ECD08DA-16E8-4C33-A07B-DA1EACADAF70"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-400_pn\\/dp_cpu:v7:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A07D125-F671-40E6-8E9C-6E13F7E00ADD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:simatic_winac_rtx_\\(f\\)_2010:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5537D556-046A-444A-9AB6-B4F9AA121CF1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References