Published: 12/12/2019 Updated: 09/10/2020

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens simatic_s7-1200_firmware
siemens s7-200_smart_firmware
siemens simatic_s7-200_smart_cpu_st20_firmware
siemens simatic_s7-200_smart_cpu_st30_firmware
siemens simatic_s7-200_smart_cpu_st40_firmware
siemens simatic_s7-200_smart_cpu_st60_firmware
siemens simatic_s7-200_smart_cpu_sr20_firmware
siemens simatic_s7-200_smart_cpu_sr30_firmware
siemens simatic_s7-200_smart_cpu_sr40_firmware
siemens simatic_s7-200_smart_cpu_sr60_firmware
siemens simatic_s7-200_smart_cpu_cr40_firmware
siemens simatic_s7-200_smart_cpu_cr60_firmware
siemens simatic_s7-200_smart_cpu_cr20s_firmware
siemens simatic_s7-200_smart_cpu_cr30s_firmware
siemens simatic_s7-200_smart_cpu_cr40s_firmware
siemens simatic_s7-200_smart_cpu_cr60s_firmware

Client utility for Siemens S7 bootloader special access feature

Siemens S7 PLCs Bootloader Arbitrary Code Execution Utility This repository describes the way we get non-invasive arbitrary code execution on the Siemens S7 PLC by using an undocumented bootloader protocol over UART Siemens assigned SSA-686531 (CVE-2019-13945) for this vulnerability Affected devices are Siemens S7-1200 (all variants including SIPLUS) and S7-200 Smart The lis

NVD-CWE-Other https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf https://nvd.nist.gov https://github.com/RUB-SysSec/SiemensS7-Bootloader

CVE-2019-13945

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect