Lucene search

[email protected]CVE-2019-13945

HistoryDec 12, 2019 - 2:15 p.m.

CVE-2019-13945

2019-12-1214:15:15

CWE-749

[email protected]

web.nvd.nist.gov

cve-2019-13945

vulnerability

simatic s7-1200

siplus

s7-200 smart cpu

security

nvd

uart interface

manufacturing access mode

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.

Affected configurations

NVD

Node

siemenssimatic_s7-1200_firmware

AND

siemenssimatic_s7-1200Match-

Node

siemenss7-200_smart_firmware

AND

siemenss7-200_smartMatch-

Node

siemenssimatic_s7-200_smart_cpu_st20_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_st20Match-

Node

siemenssimatic_s7-200_smart_cpu_st30_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_st30Match-

Node

siemenssimatic_s7-200_smart_cpu_st40_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_st40Match-

Node

siemenssimatic_s7-200_smart_cpu_st60_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_st60Match-

Node

siemenssimatic_s7-200_smart_cpu_sr20_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_sr20Match-

Node

siemenssimatic_s7-200_smart_cpu_sr30_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_sr30Match-

Node

siemenssimatic_s7-200_smart_cpu_sr40_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_sr40Match-

Node

siemenssimatic_s7-200_smart_cpu_sr60_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_sr60Match-

Node

siemenssimatic_s7-200_smart_cpu_cr40_firmwareRange≤2.2.2

AND

siemenssimatic_s7-200_smart_cpu_cr40Match-

Node

siemenssimatic_s7-200_smart_cpu_cr60_firmwareRange≤2.2.2

AND

siemenssimatic_s7-200_smart_cpu_cr60Match-

Node

siemenssimatic_s7-200_smart_cpu_cr20s_firmwareRange≤2.3.0

AND

siemenssimatic_s7-200_smart_cpu_cr20sMatch-

Node

siemenssimatic_s7-200_smart_cpu_cr30s_firmwareRange≤2.3.0

AND

siemenssimatic_s7-200_smart_cpu_cr30sMatch-

Node

siemenssimatic_s7-200_smart_cpu_cr40s_firmwareRange≤2.3.0

AND

siemenssimatic_s7-200_smart_cpu_cr40sMatch-

Node

siemenssimatic_s7-200_smart_cpu_cr60s_firmwareRange≤2.3.0

AND

siemenssimatic_s7-200_smart_cpu_cr60sMatch-

CPENameOperatorVersion
siemens:simatic_s7-1200_firmwaresiemens simatic s7-1200 firmwareeq*

CPE	Name	Operator	Version
siemens:simatic_s7-1200_firmware	siemens simatic s7-1200 firmware	eq	*

CNA Affected

[
  {
    "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions with Function State (FS) < 11"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.3.0 and Function State (FS) <= 3"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.3.0 and Function State (FS) <= 3"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.2.2 and Function State (FS) <= 8"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.3.0 and Function State (FS) <= 3"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.2.2 and Function State (FS) <= 10"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.3.0 and Function State (FS) <= 3"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.5.0 and Function State (FS) <= 11"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.5.0 and Function State (FS) <= 10"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.5.0 and Function State (FS) <= 10"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.5.0 and Function State (FS) <= 12"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.5.0 and Function State (FS) <= 9"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.5.0 and Function State (FS) <= 9"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.5.0 and Function State (FS) <= 8"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <= V2.5.0 and Function State (FS) <= 8"
      }
    ]
  },
  {
    "product": "SIMATIC S7-200 SMART CPU family",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

Related for CVE-2019-13945

nessus2 symantec1 prion1 cvelist1 nvd1 ics1