{"id": "CVE-2019-13940", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-02-11T16:15:14.773", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server\r\nby sending specially crafted HTTP requests to ports 80/tcp and 443/tcp.\r\n\r\nBeyond the web service, no other functions or interfaces are affected by the denial of service condition."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en la familia de CPUs SIMATIC S7-1200 (incluidas las variantes SIPLUS) (Todas las versiones anteriores a V4.1), la familia de CPUs SIMATIC S7-300 PN/DP (incluidas las CPUs ET200 relacionadas y las variantes SIPLUS) (Todas las versiones anteriores a V3.X.17 ), familia de CPU SIMATIC S7-400 PN/DP V6 e inferiores (incl. variantes SIPLUS) (Todas las versiones), familia de CPU SIMATIC S7-400 PN/DP V7 (incl. variantes SIPLUS) (Todas las versiones), SIMATIC WinAC RTX (F) 2010 (Todas las versiones). Los dispositivos afectados contienen una vulnerabilidad que podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio del servidor web mediante el env\u00edo de peticiones HTTP especialmente dise\u00f1adas a los puertos 80/tcp y 443/tcp. La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante con acceso a la red de un dispositivo afectado. La explotaci\u00f3n exitosa no requiere privilegios del sistema ni interacci\u00f3n del usuario. Un atacante podr\u00eda utilizar la vulnerabilidad para comprometer la disponibilidad del servidor web del dispositivo. Aparte del servicio web, no hay otras funciones o interfaces afectadas por la condici\u00f3n de denegaci\u00f3n de servicio"}], "lastModified": "2023-11-07T03:04:28.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9437AAD-4048-40DD-9744-E1D6D674F6E0", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1211c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61C1E689-5C2F-4EA6-8908-F4DE80F0DC15"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3819941-7F6C-44F0-A91D-76AA0EF80108", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1212c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F64C2324-903C-4D44-A882-DAFAC6D72A41"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1E3D84C-3367-4B6F-BF7C-DD4D2C91D79A", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1214c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4C0D9EA6-F503-4EF3-A59E-E9DD27194C6D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DC7EE33-D833-4D19-82B7-02D0A8DA99C5", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1215c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1885A3FE-DB40-47B7-AC89-1D778F702E2A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "057D3C0B-19CB-4CEE-9CE1-75F1E2B9F7B6", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1217c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C66C66F8-8A06-4BA0-A2E2-82889778C0FA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21ACBE3A-6B9B-47E0-AF50-95E5FF17F811", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44D5089B-413A-4829-A035-8E2852C41291"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1214fc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A80C325-BA66-413E-AB52-E75AE78E14B9", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1214fc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72240379-74FC-4C3C-A31B-BFEEADB8FFFD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:s7-1200_cpu_1215fc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23DD97D0-C6DC-4745-AA0A-1F636B5B805C", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:s7-1200_cpu_1215fc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B3B5BEF3-84FF-4D05-A010-94A8E2593E2E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5091C8D1-D15F-4632-95B9-5D7811CE6554", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_s7-1200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "108670FB-BE27-4961-8CCB-07E1FF93624D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_cpu_1211c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B091889A-AC6B-4301-815C-530F1D6D5238", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_cpu_1211c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "658D85DE-D124-4452-8540-D0A165FF79EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_cpu_1212c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB20B434-8AA7-4DFC-9C7B-2C778C54D9D3", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_cpu_1212c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ED7AE1F6-A1D2-40AF-BDDD-5D3913D75833"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_cpu_1214c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D4C79E6-052B-47F2-BCDA-D8A792B7D0EE", "versionEndIncluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_cpu_1214c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC520E65-87BF-41FB-BE5B-0D309F42FD50"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_cpu_1215c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C742F31E-66A8-4781-A4EF-881C4E45190E", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_cpu_1215c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "889E0984-9116-4928-ABD0-12FC92079B22"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3143965-3A6D-4EFD-9DF4-A341DFE0E922"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2dp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A1557AE-0F0A-4EA8-AE26-779E8C98336F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2dp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CEB6DA13-FD4E-4168-A08A-00547E656CA1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4309A70D-5C4C-4F03-A5C6-1735AEE0E410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A773F92D-E5C0-4B51-8214-19BFE6BC7638"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0B56C44-3148-4612-9543-9F96DF0142A6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_dp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7593F136-F558-4C3D-8429-5141A621981B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3677E3F-ABFE-4D77-96CF-68E58FF45CF1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\\/dp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A340DA65-BA46-4F72-8951-93135F9F6602"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3143965-3A6D-4EFD-9DF4-A341DFE0E922"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\\/dp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7167E5B0-D278-4F63-B5CD-39DBDF336089"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B922AD6-819B-4D7F-A31A-E4D39CE8DC6A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_314:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "88F00AE1-D55A-4C7C-A421-2B89BDFE4C9D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A94629F5-6569-406C-8E8E-990F2E21B0A0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7D038857-CED3-4312-9B86-36DC10A0398F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_315-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B093DE9C-1E39-4CF3-89B9-6A2B678A477E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_315-2_pn\\/dp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1FC6FF34-3155-4CF8-88D5-4EAE00B32163"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_s7-300_cpu_317-2_pn\\/dp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3844D023-F67B-41B4-8B9E-EAF8B79E9209"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_s7-300_cpu_317-2_pn\\/dp:v6:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4A5CDFEA-E5F2-419F-A1B3-D98C44D38D84"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_cpu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ECD08DA-16E8-4C33-A07B-DA1EACADAF70"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-400_pn\\/dp_cpu:v7:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A07D125-F671-40E6-8E9C-6E13F7E00ADD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_winac_rtx_\\(f\\)_2010:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5537D556-046A-444A-9AB6-B4F9AA121CF1"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}
