CVE-2019-19282

Description

A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Physical

Changed

Affected products

Siemens / OpenPCS 7 V8.1All versions – All versions
Siemens / OpenPCS 7 V8.2All versions – All versions
Siemens / OpenPCS 7 V9.0All versions < V9.0 Upd3 – All versions < V9.0 Upd3
Siemens / SIMATIC BATCH V8.1All versions – All versions
Siemens / SIMATIC BATCH V8.2All versions < V8.2 Upd12 – All versions < V8.2 Upd12
Siemens / SIMATIC BATCH V9.0All versions < V9.0 SP1 Upd5 – All versions < V9.0 SP1 Upd5
Siemens / SIMATIC NET PC Software V14All versions < V14 SP1 Update 14 – All versions < V14 SP1 Update 14
Siemens / SIMATIC NET PC Software V15All versions – All versions
Siemens / SIMATIC NET PC Software V16All versions < V16 Update 1 – All versions < V16 Update 1
Siemens / SIMATIC PCS 7 V8.1All versions – All versions
Siemens / SIMATIC PCS 7 V8.2All versions – All versions
Siemens / SIMATIC PCS 7 V9.0All versions < V9.0 SP3 – All versions < V9.0 SP3
Siemens / SIMATIC Route Control V8.1All versions – All versions
Siemens / SIMATIC Route Control V8.2All versions – All versions
Siemens / SIMATIC Route Control V9.0All versions < V9.0 Upd4 – All versions < V9.0 Upd4
Siemens / SIMATIC WinCC (TIA Portal) V13All versions < V13 SP2 – All versions < V13 SP2
Siemens / SIMATIC WinCC (TIA Portal) V14All versions < V14 SP1 Update 10 – All versions < V14 SP1 Update 10
Siemens / SIMATIC WinCC (TIA Portal) V15.1All versions < V15.1 Update 5 – All versions < V15.1 Update 5
Siemens / SIMATIC WinCC (TIA Portal) V16All versions < V16 Update 1 – All versions < V16 Update 1
Siemens / SIMATIC WinCC V7.3All versions – All versions
Siemens / SIMATIC WinCC V7.4All versions < V7.4 SP1 Update 14 – All versions < V7.4 SP1 Update 14
Siemens / SIMATIC WinCC V7.5All versions < V7.5 SP1 Update 1 – All versions < V7.5 SP1 Update 1

References

MISChttps://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf