CVE-2019-19276

2021-05-1213:18:21

CWE-787

siemens

www.cve.org

simatic hmi

snmp service

vulnerability

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

39.5%

JSON

A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service.

CNA Affected

[
  {
    "product": "SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V16 Update 4"
      }
    ]
  },
  {
    "product": "SIMATIC HMI KTP Mobile Panels",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V16 Update 4"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf