CVE-2019-19281

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the device availability.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf	Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-042-11

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511-1_pn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1_pn:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513-1_pn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1_pn:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515-2_pn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2_pn:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516-3_pn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_pn:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516-3_dp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_dp:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517-3_pn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_pn:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517-3_dp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_dp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_dp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_dp:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1507s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1507s:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1508s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1508s:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1507s_f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1507s_f:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1508s_f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1508s_f:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-10 20:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-19281

Mitre link : CVE-2019-19281

CVE.ORG link : CVE-2019-19281

JSON object : View

Products Affected

siemens

simatic_s7-1500_cpu_1507s
simatic_s7-1500_cpu_1508s_f
simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware
simatic_s7-1500_cpu_1508s_firmware
simatic_s7-1500_cpu_1513-1_pn
simatic_s7-1500_cpu_1517-3_pn
simatic_s7-1500_cpu_1517-3_dp
simatic_s7-1500_cpu_1516-3_dp
simatic_s7-1500_cpu_1518-4_dp_firmware
simatic_s7-1500_cpu_1507s_f_firmware
simatic_s7-1500_cpu_1508s_f_firmware
simatic_s7-1500_cpu_1511-1_pn
simatic_s7-1500_cpu_1515-2_pn
simatic_s7-1500_cpu_1518-4_pn
simatic_s7-1500_cpu_1516-3_dp_firmware
simatic_s7-1500_cpu_1516-3_pn
simatic_s7-1500_cpu_1508s
simatic_s7-1500_cpu_1518-4_dp
simatic_s7-1500_cpu_1516-3_pn_firmware
simatic_s7-1500_cpu_1513-1_pn_firmware
simatic_s7-1500_cpu_1515-2_pn_firmware
simatic_s7-1500_cpu_1507s_firmware
simatic_s7-1500_cpu_1517-3_dp_firmware
simatic_et_200sp_open_controller_cpu_1515sp_pc2
simatic_s7-1500_cpu_1507s_f
simatic_s7-1500_cpu_1517-3_pn_firmware
simatic_s7-1500_cpu_1518-4_pn_firmware
simatic_s7-1500_cpu_1511-1_pn_firmware

CWE

CWE-400

Uncontrolled Resource Consumption

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2019-19281

7.5^/10

7.8^/10

Attach tags to `CVE-2019-19281`