CVE-2019-19282

Published Mar 10, 2020

Last updated 2 years ago

CVSS high 7.5

Overview

Description: A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.
Source: productcert@siemens.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.1
Impact score: 6.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:C

Weaknesses

productcert@siemens.com: CWE-131
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:openpcs_7:9.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CBF717A-B2D4-459C-894A-65622570645D"
          },
          {
            "criteria": "cpe:2.3:a:siemens:openpcs_7:9.0_update_1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "957DDF70-1837-4E92-A707-944AD6ED4304"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E54F6E83-C353-44FB-9F37-C03DA344A5DC"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E19D98B-B40A-4589-8C26-7722C25EEC63"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85CDD274-B2B4-4DB0-9917-C16B5D900006"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B435D51-FFA2-4F19-9B51-404BB37D7F0D"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFBBC7D6-D1D4-452E-A744-B490CF002354"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98BC62E3-4C0B-481A-9274-B9C785F8FDC5"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "744B5953-511F-42CA-80A0-DBE36A6AA144",
            "versionEndExcluding": "16"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "496E3C43-5DA8-4983-8AC6-0F32454E22F3"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "858628AC-EA69-4D72-AE23-77A4A8DE2547"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4A75F15-8F47-4348-A85C-D94BBA8F9992"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A42E3FB0-6C66-4702-BDC8-39EEA54B5C0F"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AA0E077-AB19-473B-9454-8FED7188A2C4"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19EA3CAD-E7CB-412F-A2EA-86A81EC25425"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_route_control:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "885BA05F-BD8F-4DE9-BDD3-6C2C76418B05",
            "versionEndExcluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_route_control:9.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57073CE8-174E-429D-A721-AB14C7D16D4F"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B0BD5DE-C6EF-4B89-831B-DA34DB0D68F6"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2637C346-8AAF-481F-AFB0-BAD4254D14F4"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9589FF11-4F9B-40F6-A6C6-55405B9EE351"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DB57B3A-C3B6-4E61-9DAE-B12CEA8CD093"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA6B2933-9C44-480C-96DC-6DF8C88950AF"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45097864-DD87-4587-997B-792F0175472B"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FB24A30-0F93-430D-817E-05E4594C8823"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25237B9A-2E51-4F17-BD75-04D245CCC51D"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90643D49-9EFC-4B9A-99C8-266135DF2E00"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC4D7B24-91FF-4891-ABC3-683A6C72ADDA"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1DD77A4-1716-4793-AD73-79D04E3D2AEE"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E667123-6909-4DF2-8CEB-6E87E9FC48BC"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04A5C76A-5D6D-47F8-BEF7-503F9A89AD18"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E776629C-904C-49D6-BF3F-8520FA7D5DFA"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "805DAA15-03A3-4F63-90F7-EA130E5136F2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E79DA14E-419C-49BA-8E4F-2907E1D8937F"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:-:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00A48A8E-C112-4778-8A7B-2386E88A0177"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3D10C7E-5FD5-4B37-884B-B450DE5F800B"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:13:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D9FE447-2090-47D2-8667-5DC7605089BB"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:13:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB4FFADC-51F0-439F-9F80-D2B2614FFC39"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:14.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE5A7162-F1B5-4E74-99D6-4108AC4C49FC"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50B77C2A-4D66-4407-8CA4-99C43ED72DDB"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9794ED7E-EB17-4C95-B900-840A48758F03"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57E82CFE-4191-4055-A0BA-EAB7BE96D947"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4DBBDAA-BCAE-4B63-BDFC-3DD70DAD9B7D"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5AF87C6-F8D6-4462-9DF5-B9D301002B1C"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:16:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4316924-9EF8-4835-A2E4-0C81F4DE473D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References