CVE-2019-6568

Description

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

CVSS breakdown

Affected products

• Siemens / SIMATIC CP 1604All versions – All versions
• Siemens / SIMATIC CP 1616All versions – All versions
• Siemens / SIMATIC CP 343-1 AdvancedAll versions – All versions
• Siemens / SIMATIC CP 443-1All versions < V3.3 – All versions < V3.3
• Siemens / SIMATIC CP 443-1 AdvancedAll versions < V3.3 – All versions < V3.3
• Siemens / SIMATIC CP 443-1 OPC UAAll versions – All versions
• Siemens / SIMATIC ET 200pro IM154-8F PN/DP CPUAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC ET 200pro IM154-8FX PN/DP CPUAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC ET 200pro IM154-8 PN/DP CPUAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC ET 200S IM151-8F PN/DP CPUAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC ET 200S IM151-8 PN/DP CPUAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)All versions < V2.7 – All versions < V2.7
• Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)All versions < V2.1.6 – All versions < V2.1.6
• Siemens / SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)All versions < V15.1 Upd4 – All versions < V15.1 Upd4
• Siemens / SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)All versions < V15.1 Upd4 – All versions < V15.1 Upd4
• Siemens / SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900FAll versions < V15.1 Upd4 – All versions < V15.1 Upd4
• Siemens / SIMATIC IPC DiagMonitorAll versions < V5.1.3 – All versions < V5.1.3
• Siemens / SIMATIC RF182CAll versions – All versions
• Siemens / SIMATIC RF185CAll versions < V1.1.0 – All versions < V1.1.0
• Siemens / SIMATIC RF186CAll versions < V1.1.0 – All versions < V1.1.0
• Siemens / SIMATIC RF188CAll versions < V1.1.0 – All versions < V1.1.0
• Siemens / SIMATIC RF600R familyAll versions < V3.2.1 – All versions < V3.2.1
• Siemens / SIMATIC RFID 181EIPAll versions – All versions
• Siemens / SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)All versions < V2.6.1 – All versions < V2.6.1
• Siemens / SIMATIC S7-1500 Software ControllerAll versions < V2.7 – All versions < V2.7
• Siemens / SIMATIC S7-300 CPU 314C-2 PN/DPAll versions < V3.3.16 – All versions < V3.3.16
• Siemens / SIMATIC S7-300 CPU 315-2 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC S7-300 CPU 315F-2 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC S7-300 CPU 315T-3 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC S7-300 CPU 317-2 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC S7-300 CPU 317F-2 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC S7-300 CPU 317T-3 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC S7-300 CPU 317TF-3 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC S7-300 CPU 319-3 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC S7-300 CPU 319F-3 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)All versions – All versions
• Siemens / SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)All versions – All versions
• Siemens / SIMATIC S7-PLCSIM AdvancedAll versions < V2.0 SP1 UPD1 – All versions < V2.0 SP1 UPD1
• Siemens / SIMATIC Teleservice Adapter IE AdvancedAll versions – All versions
• Siemens / SIMATIC Teleservice Adapter IE BasicAll versions – All versions
• Siemens / SIMATIC Teleservice Adapter IE StandardAll versions – All versions
• Siemens / SIMATIC WinAC RTX 2010All versions < V2010 SP3 – All versions < V2010 SP3
• Siemens / SIMATIC WinAC RTX F 2010All versions < V2010 SP3 – All versions < V2010 SP3
• Siemens / SIMATIC WinCC Runtime AdvancedAll versions < V15.1 Upd4 – All versions < V15.1 Upd4
• Siemens / SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)All versions < V1.1.3 – All versions < V1.1.3
• Siemens / SIMOCODE pro V PROFINET (incl. SIPLUS variants)All versions < V2.1.3 – All versions < V2.1.3
• Siemens / SINAMICS G130 V4.6 Control UnitAll versions – All versions
• Siemens / SINAMICS G130 V4.7 Control UnitAll versions – All versions
• Siemens / SINAMICS G130 V4.7 SP1 Control UnitAll versions – All versions
• Siemens / SINAMICS G130 V4.8 Control UnitAll versions < V4.8 HF6 – All versions < V4.8 HF6
• Siemens / SINAMICS G130 V5.1 Control UnitAll versions – All versions
• Siemens / SINAMICS G130 V5.1 SP1 Control UnitAll versions < V5.1 SP1 HF4 – All versions < V5.1 SP1 HF4
• Siemens / SINAMICS G150 V4.6 Control UnitAll versions – All versions
• Siemens / SINAMICS G150 V4.7 Control UnitAll versions – All versions
• Siemens / SINAMICS G150 V4.7 SP1 Control UnitAll versions – All versions
• Siemens / SINAMICS G150 V4.8 Control UnitAll versions < V4.8 HF6 – All versions < V4.8 HF6
• Siemens / SINAMICS G150 V5.1 Control UnitAll versions – All versions
• Siemens / SINAMICS G150 V5.1 SP1 Control UnitAll versions < V5.1 SP1 HF4 – All versions < V5.1 SP1 HF4
• Siemens / SINAMICS GH150 V4.7 (Control Unit)All versions – All versions
• Siemens / SINAMICS GH150 V4.8 (Control Unit)All versions < V4.8 SP2 HF9 – All versions < V4.8 SP2 HF9
• Siemens / SINAMICS GL150 V4.7 (Control Unit)All versions – All versions
• Siemens / SINAMICS GL150 V4.8 (Control Unit)All versions < V4.8 SP2 HF9 – All versions < V4.8 SP2 HF9
• Siemens / SINAMICS GM150 V4.7 (Control Unit)All versions – All versions
• Siemens / SINAMICS GM150 V4.8 (Control Unit)All versions < V4.8 SP2 HF9 – All versions < V4.8 SP2 HF9
• Siemens / SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)All versions – All versions
• Siemens / SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)All versions – All versions
• Siemens / SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)All versions – All versions
• Siemens / SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)All versions < V4.8 HF6 – All versions < V4.8 HF6
• Siemens / SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)All versions – All versions
• Siemens / SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)All versions < V5.1 SP1 HF4 – All versions < V5.1 SP1 HF4
• Siemens / SINAMICS S150 V4.6 Control UnitAll versions – All versions
• Siemens / SINAMICS S150 V4.7 Control UnitAll versions – All versions
• Siemens / SINAMICS S150 V4.7 SP1 Control UnitAll versions – All versions
• Siemens / SINAMICS S150 V4.8 Control UnitAll versions < V4.8 HF6 – All versions < V4.8 HF6
• Siemens / SINAMICS S150 V5.1 Control UnitAll versions – All versions
• Siemens / SINAMICS S150 V5.1 SP1 Control UnitAll versions < V5.1 SP1 HF4 – All versions < V5.1 SP1 HF4
• Siemens / SINAMICS S210All versions < V5.1 SP1 HF8 – All versions < V5.1 SP1 HF8
• Siemens / SINAMICS SL150 V4.7 (Control Unit)All versions < V4.7 HF33 – All versions < V4.7 HF33
• Siemens / SINAMICS SL150 V4.8 (Control Unit)All versions – All versions
• Siemens / SINAMICS SM120 V4.7 (Control Unit)All versions – All versions
• Siemens / SINAMICS SM120 V4.8 (Control Unit)All versions < V4.8 SP2 HF10 – All versions < V4.8 SP2 HF10
• Siemens / SINAMICS SM150 V4.8 (Control Unit)All versions – All versions
• Siemens / SIPLUS ET 200S IM151-8F PN/DP CPUAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIPLUS ET 200S IM151-8 PN/DP CPUAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIPLUS NET CP 343-1 AdvancedAll versions – All versions
• Siemens / SIPLUS NET CP 443-1All versions < V3.3 – All versions < V3.3
• Siemens / SIPLUS NET CP 443-1 AdvancedAll versions < V3.3 – All versions < V3.3
• Siemens / SIPLUS S7-300 CPU 314C-2 PN/DPAll versions < V3.3.16 – All versions < V3.3.16
• Siemens / SIPLUS S7-300 CPU 315-2 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIPLUS S7-300 CPU 315F-2 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIPLUS S7-300 CPU 317-2 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SIPLUS S7-300 CPU 317F-2 PN/DPAll versions < V3.2.16 – All versions < V3.2.16
• Siemens / SITOP ManagerAll versions < V1.1 – All versions < V1.1
• Siemens / SITOP PSU8600All versions < V1.5 – All versions < V1.5
• Siemens / SITOP UPS1600 (incl. SIPLUS variants)All versions < V2.3 – All versions < V2.3
• Siemens / TIM 1531 IRC (incl. SIPLUS NET variants)All versions < V2.1 – All versions < V2.1

References

• MISChttps://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf
• MISChttps://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf