Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-10943
HistoryAug 13, 2019 - 7:15 p.m.

CVE-2019-10943

2019-08-1319:15:15
CWE-353
CWE-345
[email protected]
web.nvd.nist.gov
41
cve-2019-10943
simatic
drive controller
s7-1200
s7-1500
plc
vulnerability
network access
code integrity

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.0%

JSON

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device.

Affected configurations

NVD
Node
siemenssimatic_et_200sp_open_controller_cpu_1515sp_pcMatch-
AND
siemenssimatic_et_200sp_open_controller_cpu_1515sp_pc_firmware
Node
siemenssimatic_et_200sp_open_controller_cpu_1515sp_pc2Match-
AND
siemenssimatic_et_200sp_open_controller_cpu_1515sp_pc2_firmwareRange<20.8
Node
siemenssimatic_s7-1200_cpu_1211cMatch-
AND
siemenssimatic_s7-1200_cpu_1211c_firmwareRange<4.4
Node
siemenssimatic_s7-1200_cpu_1212cMatch-
AND
siemenssimatic_s7-1200_cpu_1212c_firmwareRange<4.4
Node
siemenssimatic_s7-1200_cpu_1214cMatch-
AND
siemenssimatic_s7-1200_cpu_1214c_firmwareRange<4.4
Node
siemenssimatic_s7-1200_cpu_1215cMatch-
AND
siemenssimatic_s7-1200_cpu_1215c_firmwareRange<4.4
Node
siemenssimatic_s7-1200_cpu_1217cMatch-
AND
siemenssimatic_s7-1200_cpu_1217c_firmwareRange<4.4
Node
siemenssimatic_s7-1500_cpu_1518Match-
AND
siemenssimatic_s7-1500_cpu_1518_firmwareRange<2.8.1
Node
siemenssimatic_s7-1500_cpu_1511c_firmwareRange<2.8.1
AND
siemenssimatic_s7-1500_cpu_1511cMatch-
Node
siemenssimatic_s7-1500_cpu_1512c_firmwareRange<2.8.1
AND
siemenssimatic_s7-1500_cpu_1512cMatch-
Node
siemenssimatic_s7-1500_software_controllerRange<20.8
OR
siemenssimatic_s7_plcsim_advancedRange<3.0

CNA Affected

[
  {
    "product": "SIMATIC Drive Controller family",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V20.8"
      }
    ]
  },
  {
    "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V20.8"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.4.0"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V4.4.0"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.8.1"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.8.1"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1500 Software Controller",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V20.8"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1500 Software Controller",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V20.8"
      }
    ]
  },
  {
    "product": "SIMATIC S7-PLCSIM Advanced",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V3.0"
      }
    ]
  },
  {
    "product": "SIMATIC S7-PLCSIM Advanced",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V3.0"
      }
    ]
  }
]

Related

nessus 2
cvelist 1
prion 1
nvd 1
ics 1
nessus
nessus
Siemens Simatic Improper Access Control
2019-11-08 00:00:00
Siemens SIMATIC S7-1200 and S7-1500 CPU Families Missing Support For Integrity Check (CVE-2019-10943)
2022-02-07 00:00:00
cvelist
cvelist
CVE-2019-10943
2019-08-13 18:55:57
prion
prion
Code injection
2019-08-13 19:15:00
nvd
nvd
CVE-2019-10943
2019-08-13 19:15:15
ics
ics
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update B)
2022-08-11 12:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.0%

JSON
Related for CVE-2019-10943
nessus2cvelist1prion1nvd1ics1