Lucene search

[email protected]NVD:CVE-2019-13945

HistoryDec 12, 2019 - 2:15 p.m.

CVE-2019-13945

2019-12-1214:15:15

CWE-749

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.

Affected configurations

Nvd

Node

siemenssimatic_s7-1200_firmware

AND

siemenssimatic_s7-1200Match-

Node

siemenss7-200_smart_firmware

AND

siemenss7-200_smartMatch-

Node

siemenssimatic_s7-200_smart_cpu_st20_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_st20Match-

Node

siemenssimatic_s7-200_smart_cpu_st30_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_st30Match-

Node

siemenssimatic_s7-200_smart_cpu_st40_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_st40Match-

Node

siemenssimatic_s7-200_smart_cpu_st60_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_st60Match-

Node

siemenssimatic_s7-200_smart_cpu_sr20_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_sr20Match-

Node

siemenssimatic_s7-200_smart_cpu_sr30_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_sr30Match-

Node

siemenssimatic_s7-200_smart_cpu_sr40_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_sr40Match-

Node

siemenssimatic_s7-200_smart_cpu_sr60_firmwareRange≤2.5.0

AND

siemenssimatic_s7-200_smart_cpu_sr60Match-

Node

siemenssimatic_s7-200_smart_cpu_cr40_firmwareRange≤2.2.2

AND

siemenssimatic_s7-200_smart_cpu_cr40Match-

Node

siemenssimatic_s7-200_smart_cpu_cr60_firmwareRange≤2.2.2

AND

siemenssimatic_s7-200_smart_cpu_cr60Match-

Node

siemenssimatic_s7-200_smart_cpu_cr20s_firmwareRange≤2.3.0

AND

siemenssimatic_s7-200_smart_cpu_cr20sMatch-

Node

siemenssimatic_s7-200_smart_cpu_cr30s_firmwareRange≤2.3.0

AND

siemenssimatic_s7-200_smart_cpu_cr30sMatch-

Node

siemenssimatic_s7-200_smart_cpu_cr40s_firmwareRange≤2.3.0

AND

siemenssimatic_s7-200_smart_cpu_cr40sMatch-

Node

siemenssimatic_s7-200_smart_cpu_cr60s_firmwareRange≤2.3.0

AND

siemenssimatic_s7-200_smart_cpu_cr60sMatch-

VendorProductVersionCPE
siemenssimatic_s7-1200_firmware*cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*
siemenssimatic_s7-1200-cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*
siemenss7-200_smart_firmware*cpe:2.3:o:siemens:s7-200_smart_firmware:*:*:*:*:*:*:*:*
siemenss7-200_smart-cpe:2.3:h:siemens:s7-200_smart:-:*:*:*:*:*:*:*
siemenssimatic_s7-200_smart_cpu_st20_firmware*cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_st20_firmware:*:*:*:*:*:*:*:*
siemenssimatic_s7-200_smart_cpu_st20-cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st20:-:*:*:*:*:*:*:*
siemenssimatic_s7-200_smart_cpu_st30_firmware*cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_st30_firmware:*:*:*:*:*:*:*:*
siemenssimatic_s7-200_smart_cpu_st30-cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st30:-:*:*:*:*:*:*:*
siemenssimatic_s7-200_smart_cpu_st40_firmware*cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_st40_firmware:*:*:*:*:*:*:*:*
siemenssimatic_s7-200_smart_cpu_st40-cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st40:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_s7-1200_firmware	*	cpe:2.3:o:siemens:simatic_s7-1200_firmware::::::::
siemens	simatic_s7-1200	-	cpe:2.3:h:siemens:simatic_s7-1200:-:::::::*
siemens	s7-200_smart_firmware	*	cpe:2.3:o:siemens:s7-200_smart_firmware::::::::
siemens	s7-200_smart	-	cpe:2.3:h:siemens:s7-200_smart:-:::::::*
siemens	simatic_s7-200_smart_cpu_st20_firmware	*	cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_st20_firmware::::::::
siemens	simatic_s7-200_smart_cpu_st20	-	cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st20:-:::::::*
siemens	simatic_s7-200_smart_cpu_st30_firmware	*	cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_st30_firmware::::::::
siemens	simatic_s7-200_smart_cpu_st30	-	cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st30:-:::::::*
siemens	simatic_s7-200_smart_cpu_st40_firmware	*	cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_st40_firmware::::::::
siemens	simatic_s7-200_smart_cpu_st40	-	cpe:2.3:h:siemens:simatic_s7-200_smart_cpu_st40:-:::::::*

Rows per page:

1-10 of 321

References

cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

Related for NVD:CVE-2019-13945

cvelist1 nessus2 ics1 symantec1 prion1 cve1