Denial of service in Siemens Industrial Products
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-6575 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
SIMATIC S7-1500 CPU Hardware solutions / Firmware SIMATIC RF600R Server applications / SCADA systems SIMATIC NET PC Software Server applications / SCADA systems SIMATIC IPC DiagMonitor Server applications / SCADA systems SIMATIC HMI KTP Mobile Panels Server applications / SCADA systems SIMATIC HMI Comfort Panels 4”-22” Server applications / SCADA systems SIMATIC HMI Comfort Outdoor Panels 7” & 15” Server applications / SCADA systems SIMATIC ET 200SP Open Controller Server applications / SCADA systems SIMATIC CP443-1 OPC UA Server applications / SCADA systems SIMATIC RF188C Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Input validation error
EUVDB-ID: #VU21971
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2019-6575
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the OPC UA server. A remote attacker can send a specially crafted packet on port 4840/tcp and cause a denial of service condition on the OPC communication or crash the target device.
This vulnerability affects the following products:
- SIMATIC CP443-1 OPC UA
- SIMATIC ET 200 Open Controller CPU 1515SPPC2
- SIMATIC HMI Comfort Outdoor Panels 7" & 15"
- SIMATIC HMI Comfort Panels 4" - 22":All versions
- SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 and KTP900F
- SIMATIC IPC DiagMonitor
- SIMATIC NET PC Software
- SIMATIC RF188C
- SIMATIC RF600R
- SIMATIC S7-1500 CPU family
Install updates from vendor's website.
Vulnerable software versionsSIMATIC S7-1500 CPU: 1.0 - 2.6
SIMATIC RF600R: All versions
SIMATIC RF188C: All versions
SIMATIC NET PC Software: - - 7.1
SIMATIC IPC DiagMonitor: All versions
SIMATIC HMI KTP Mobile Panels: All versions
SIMATIC HMI Comfort Panels 4”-22”: All versions
SIMATIC HMI Comfort Outdoor Panels 7” & 15”: All versions
SIMATIC ET 200SP Open Controller: All versions
SIMATIC CP443-1 OPC UA: All versions
CPE2.3- cpe:2.3:h:siemens:simatic_s7-1500_cpu:1.0:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu:1.1:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_rf600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_rf188c:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_net_pc_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_net_pc_software:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_ktp_mobile_panels:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_comfort_panels_4”-22”:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_comfort_outdoor_panels_7”_and_15”:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_cp443-1_opc_ua:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
