CVE-2019-6572

🗓️ 14 May 2019 19:54:48Reported by siemensType

Vulnerability in SIMATIC HMI Panels, WinCC Runtime, and HMI Classic Device

Reporter	Title	Published	Views	Family All 9
Tenable Nessus	Siemens SIMATIC HMI Panels and TIA Portal <= v15.1 Update 1 Hardcoded Credentials (ICSA-19-134-09)	31 Jul 201900:00	–	nessus
CNVD	Vulnerabilities in Permissions and Access Control Issues for Multiple Siemens Products	14 May 201900:00	–	cnvd
Cvelist	CVE-2019-6572	14 May 201919:54	–	cvelist
EUVD	EUVD-2019-16131	7 Oct 202500:30	–	euvd
ICS	Siemens SIMATIC Panels and WinCC (TIA Portal)	9 Apr 201900:00	–	ics
NVD	CVE-2019-6572	14 May 201920:29	–	nvd
OSV	CVE-2019-6572	14 May 201920:29	–	osv
Prion	Hardcoded credentials	14 May 201920:29	–	prion
RedhatCVE	CVE-2019-6572	22 May 202510:18	–	redhatcve

NVD

Node

siemens simatic_hmi_comfort_panels_firmwareRange<15.1

AND

siemens simatic_hmi_comfort_panelsMatch-

Node

siemens simatic_hmi_comfort_outdoor_panels_firmwareRange<15.1

AND

siemens simatic_hmi_comfort_outdoor_panelsMatch-

Node

siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmwareRange<15.1

AND

siemens simatic_hmi_ktp_mobile_panels_ktp400fMatch-

Node

siemens simatic_hmi_ktp_mobile_panels_ktp700_firmwareRange<15.1

AND

siemens simatic_hmi_ktp_mobile_panels_ktp700Match-

Node

siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmwareRange<15.1

AND

siemens simatic_hmi_ktp_mobile_panels_ktp700fMatch-

Node

siemens simatic_hmi_ktp_mobile_panels_ktp900_firmwareRange<15.1

AND

siemens simatic_hmi_ktp_mobile_panels_ktp900Match-

Node

siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmwareRange<15.1

AND

siemens simatic_hmi_ktp_mobile_panels_ktp900fMatch-

Node

siemens simatic_wincc_(tia_portal)Range<15.1

siemens simatic_wincc_runtimeRange<15.1advanced

siemens simatic_wincc_runtimeRange<15.1professional

Node

siemens simatic_hmi_tp_firmware

AND

siemens simatic_hmi_tpMatch-

Node

siemens simatic_hmi_mp_firmware

AND

siemens simatic_hmi_mpMatch-

Node

siemens simatic_hmi_op_firmware

AND

siemens simatic_hmi_opMatch-

[
  {
    "product": "SIMATIC HMI Comfort Panels 4\" - 22\"",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC Runtime Advanced",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC Runtime Professional",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC WinCC (TIA Portal)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V15.1 Update 1"
      }
    ]
  },
  {
    "product": "SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel)",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

Source	Link
us-cert	www.us-cert.gov/ics/advisories/ICSA-19-134-09
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf
securityfocus	www.securityfocus.com/bid/108412

21 Nov 2024 04:46Current

8.7High risk

Vulners AI Score8.7

CVSS 26.4

CVSS 3.19.1

EPSS0.00719