Lucene search

PRIOn knowledge basePRION:CVE-2019-6568

HistoryApr 17, 2019 - 2:29 p.m.

Design/Logic Flaw

2019-04-1714:29:00

PRIOn knowledge base

www.prio-n.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

45.5%

JSON

The webserver of the affected devices contains a vulnerability that may lead to
a denial of service condition. An attacker may cause a denial of service
situation which leads to a restart of the webserver of the affected device.

The security vulnerability could be exploited by an attacker with network
access to the affected systems. Successful exploitation requires no system
privileges and no user interaction. An attacker could use the vulnerability
to compromise availability of the device.

CPENameOperatorVersion
simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmwarelt2.7
simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmwarelt2.1.6
simatic_hmi_comfort_outdoor_panels_firmwarelt15.1
simatic_hmi_comfort_outdoor_panels_firmwareeq15.1
simatic_hmi_comfort_panels_firmwarelt15.1
simatic_hmi_comfort_panels_firmwareeq15.1
simatic_hmi_ktp_mobile_panels_ktp400f_firmwarelt15.1
simatic_hmi_ktp_mobile_panels_ktp400f_firmwareeq15.1
simatic_hmi_ktp_mobile_panels_ktp700_firmwarelt15.1
simatic_hmi_ktp_mobile_panels_ktp700_firmwareeq15.1

Name	Operator	Version
simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware	lt	2.7
simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware	lt	2.1.6
simatic_hmi_comfort_outdoor_panels_firmware	lt	15.1
simatic_hmi_comfort_outdoor_panels_firmware	eq	15.1
simatic_hmi_comfort_panels_firmware	lt	15.1
simatic_hmi_comfort_panels_firmware	eq	15.1
simatic_hmi_ktp_mobile_panels_ktp400f_firmware	lt	15.1
simatic_hmi_ktp_mobile_panels_ktp400f_firmware	eq	15.1
simatic_hmi_ktp_mobile_panels_ktp700_firmware	lt	15.1
simatic_hmi_ktp_mobile_panels_ktp700_firmware	eq	15.1

Rows per page:

1-10 of 651

References

cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf

cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

45.5%

JSON

Related for PRION:CVE-2019-6568