CVE-2019-10929

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf	Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-344-04	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511c:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

OR	cpe:2.3:a:siemens:simatic_net_pc::::::::
	cpe:2.3:a:siemens:simatic_s7-1500::::::::
	cpe:2.3:a:siemens:simatic_s7-plcsim_advanced::::::::
	cpe:2.3:a:siemens:simatic_step_7::::::::
	cpe:2.3:a:siemens:simatic_wincc::::::::
	cpe:2.3:a:siemens:simatic_wincc_open_architecture::::::::
	cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.16:-::::::
	cpe:2.3:a:siemens:simatic_wincc_open_architecture:3.16:patch_12::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime:::::advanced:::*
	cpe:2.3:a:siemens:simatic_wincc_runtime:::::professional:::*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:simatic_cp_1626_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_cp_1626:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:simatic_tim_1531_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_tim_1531_irc:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_panel_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_panel:-:*:*:*:*:*:*:*

History

10 Aug 2022, 20:15

Type	Values Removed	Values Added
Summary	A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.	A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.

10 Aug 2022, 12:15

Type	Values Removed	Values Added
CWE	~~NVD-CWE-Other~~	CWE-327
Summary	A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7 PLCSIM Advanced (All versions < V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.	A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.

12 Apr 2022, 10:15

Type	Values Removed	Values Added
Summary	A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7 PLCSIM Advanced (All versions < V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.	A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7 PLCSIM Advanced (All versions < V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.

12 Apr 2022, 09:15

Type	Values Removed	Values Added
Summary	A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication.	A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7 PLCSIM Advanced (All versions < V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.

Information

Published : 2019-08-13 19:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-10929

Mitre link : CVE-2019-10929

CVE.ORG link : CVE-2019-10929

JSON object : View

Products Affected

siemens

simatic_s7-1200_cpu_1215c
simatic_hmi_panel_firmware
simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware
simatic_wincc_open_architecture
simatic_s7-1200_cpu_1211c_firmware
simatic_tim_1531_irc
simatic_s7-1200_cpu_1217c
simatic_s7-1200_cpu_1212c_firmware
simatic_s7-1500_cpu_1512c
simatic_net_pc
simatic_step_7
simatic_wincc_runtime
simatic_s7-1500_cpu_1518_firmware
simatic_cp_1626_firmware
simatic_tim_1531_irc_firmware
simatic_s7-1500
simatic_s7-1500_cpu_1512c_firmware
simatic_hmi_panel
simatic_s7-1200_cpu_1212c
simatic_et_200sp_open_controller_cpu_1515sp_pc
simatic_s7-1500_cpu_1511c_firmware
simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware
simatic_s7-1200_cpu_1217c_firmware
simatic_s7-1500_cpu_1518
simatic_s7-1200_cpu_1215c_firmware
simatic_s7-plcsim_advanced
simatic_cp_1626
simatic_et_200sp_open_controller_cpu_1515sp_pc2
simatic_wincc
simatic_s7-1500_cpu_1511c
simatic_s7-1200_cpu_1214c_firmware
simatic_s7-1200_cpu_1211c
simatic_s7-1200_cpu_1214c

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

NVD-CWE-Other

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2019-10929

5.9^/10

4.3^/10

Attach tags to `CVE-2019-10929`