Published: 13/08/2019 Updated: 10/08/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Simatic Et 200sp Open Controller Cpu 1515sp Pc Firmware

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware
siemens simatic_s7-1200_cpu_1211c_firmware
siemens simatic_s7-1200_cpu_1212c_firmware
siemens simatic_s7-1200_cpu_1214c_firmware
siemens simatic_s7-1200_cpu_1215c_firmware
siemens simatic_s7-1200_cpu_1217c_firmware
siemens simatic_s7-1500_cpu_1518_firmware
siemens simatic_s7-1500_cpu_1511c_firmware
siemens simatic_s7-1500_cpu_1512c_firmware
siemens simatic s7-plcsim advanced
siemens simatic s7-1500
siemens simatic net pc
siemens simatic step 7
siemens simatic wincc open architecture 3.16
siemens simatic wincc
siemens simatic wincc open architecture
siemens simatic wincc runtime
siemens simatic_cp_1626_firmware
siemens simatic_tim_1531_irc_firmware
siemens simatic_hmi_panel_firmware

Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems

The Siemens industrial control systems architecture consists of Simatic S7 PLCs which communicate with a TIA engineering station and SCADA HMI on one side.In this paper we show that even the latest versions of the devices and protocols are still vulnerable.

SIEMENS-S7-PLCs-attacks The Siemens industrial control systems architecture consists of Simatic S7 PLCs which communicate with a TIA engineering station and SCADA HMI on one sideIn this paper we show that even the latest versions of the devices and protocols are still vulnerable Siemens communications overview S7comms, or Step 7 communications, is a Siemens protocol implement

CWE-327 https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf https://www.us-cert.gov/ics/advisories/icsa-19-344-04 https://nvd.nist.gov https://github.com/Esamgold/SIEMENS-S7-PLCs-attacks https://www.cisa.gov/uscert/ics/advisories/icsa-19-344-04

CVE-2019-10929

Vulnerability Summary

Vulnerability Trend

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect